Balisage Paper: Integrating Top-down and Bottom-up Cybersecurity Guidance using XML

Balisage: The Markup Conference 2016
August 2 - 5, 2016

The materials listed below were provided by the speaker as supplements to a presentation at Balisage. These materials may include the slides or visuals used in the presentation; supplementary material, such as code samples or a demonstration application; and/or the paper accompanying the presentation (if it has not been provided in XML). These materials have been zipped for easy download and are identified by a brief description of the contents. The materials themselves are untouched, that is, they have not been tested or edited by Balisage: The Markup Conference or by Mulberry Technologies, Inc. As such, they are included on this website AS IS, i.e., as provided by the speaker, with no warranties, express or otherwise, made by Balisage or Mulberry.

Slides and Materials

Author's keywords for this paper:
risk management; mission/business objectives; cybersecurity framework; XForms; XSLT; security control; tailored baseline; Industrial Control System; NIST SP 800-53; NIST SP 800-82