Network Monitoring SIG

Introduction

This document outlines what the new Special Interest Group (SIG) ‘Network Monitoring’ is going to be about. This SIG birth certificate starts by introducing its mission statement and its reasons for existence (why this SIG?). Secondly, it presents the goals it endeavours to achieve. Finally, the scope and focus of the SIG are defined and limited. The question of how the SIG wants to achieve its goals is briefly touched upon. This will be subject to future discussion and published in a separate document.

Mission Statement

To advocate, develop and promote knowledge and techniques for collection and analysis of network sensor and monitoring data to build the capabilities of CSIRTs to quantify and measure malicious activity on networks to create more secure systems.

Why this SIG?

  • Network monitoring is an important source of information to help CSIRTs quantify malicious activity on networks;
  • To help CSIRTs best use their limited resources by making use of the tools and techniques developed by other CSIRTs;
  • To promote collaboration in the development of new tools, techniques and analysis methodologies.

Goals

  • Provide a platform for FIRST members to actively exchange monitoring technologies, software and knowledge;
  • Promote situational awareness and support research into more secure systems and networks;
  • Join forces in current global (software) developments in the field of network monitoring to reduce cost and improve performance;
  • Gradually work towards a common set of standards/formats and, in the long term, a common repository of monitoring tools.

Scope / Limitations

  • Participation in the NM-SIG is open to FIRST members, although non-members can be introduced by FIRST members to join the NM-SIG;
  • The SIG is focused primarily and solely on technical issues, rather than policy or legal issues;
  • The SIG’s focus is on monitoring technologies in the broadest sense of the word (hence there’s no limiting definition as to what monitoring is all about and what not);
  • The SIG has no ambition to set global standards for monitoring data exchange, but supports the development of an operational framework;
  • The SIG has no intention to become an auditing or certification authority regarding monitoring systems or technologies whatsoever.

How?

  • The NM-SIG starts by setting up a questionnaire to provide an overview of what monitoring initiatives are present within the NM-SIG. This information is published to the FIRST community;
  • The NM-SIG will create a web presence on the FIRST website.

Chair

Carol Overes (GOVCERT.NL)

Mailing list: