FINSTIX: A standards-based model for representing and sharing security information for the critical infrastructures of the financial sector
<pstyle=” text-align: justify;”>FINSTIX allows to model the CPTI information, with particular emphasis on cyber and physical security of the critical infrastructures of the financial sector. Using FINSTIX, organizations can collect security data from physical and cyber security systems in the financial sector, as means of applying security analytics, issuing alerts and activating relevant security policies. It therefore provides a unique standard-based way for representing security information, facilitating organizations to share information and to implement novel collaborative security functions, such as collaborative assessment of security risks. FINSTIX is also a foundation for representing security knowledge across the systems of the financial services supply chain.
More information on the FINSTIX is available in the Securing Critical Infrastructures in the Financial Sector course.
FINSTIX provides a first of kind approach to standardizing the semantics of security and threat intelligence applications for the critical infrastructures of the financial sector. It extends the Structured Threat Information eXpression (STIX™) standard with information and semantics that are specific to the financial sector, while covering not only cyber, but also physical information as well.