Definition Open Cybersecurity Schema Framework | OCSF
What is the Open Cybersecurity Schema Framework (OCSF)?
The Open Cybersecurity Schema Framework is an open source project currently backed by 18 companies active in the IT security field. The project aims to improve cyber security through open standards and a simplified, vendor-independent taxonomy. Among other things, it is to create a uniform schema for security events that reduces the effort of normalizing data and breaks down data silos.
OCSF is the acronym for Open Cybersecurity Schema Framework. It is still a fairly young open source project, publicly announced in August 2022 and currently backed by 18 companies active in the IT security field. These companies include AWS, Splunk, Broadcom (Symantec), Cloudflare, IBM, Palo Alto Networks, Salesforce, Trend Micro and a few more. The aim of the project is to improve cyber security through a simplified, vendor-independent taxonomy and open standards. Among other things, it is to create a uniform schema for security events that reduces the normalization effort when consolidating data from different security solutions and breaks down data silos. This allows cyber attacks and other threats to IT security to be detected, analyzed and warded off more quickly and effectively. Vendors can implement the Open Cybersecurity Schema Framework in their solutions and products, and it is compatible with existing security standards and processes. OCSF is licensed under the Apache License 2.0 and is freely available via GitHub.
Background to the creation of the Open Cybersecurity Schema Framework
Different vendors’ cybersecurity solutions use different data models and schemas. There is no uniform format for log data and security events that is accepted by all companies. Detecting, analyzing and defending against cyberattacks usually requires coordinating multiple security tools and consolidating their data. Merging data from different sources takes a lot of time and resources, because the data has to be normalized before the actual analysis can begin. Security teams and security professionals waste time on normalization tasks that could be better spent investigating security events and defending against cyberattacks. With open standards and a simplified, vendor-independent taxonomy, the Open Cybersecurity Schema Framework is intended to reduce the normalization effort and give security teams more time for their actual tasks.
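The normalization problem described above, as an added example that is not part of the original article or the OCSF project's own code: two products log the same failed logons in different shapes, and one detection only works once both are mapped to a common event. The two vendor formats and their field names are constructed; the target is a simplified subset of the OCSF Authentication class (attribute names and IDs as in the published schema) and is not validated against it.

```python
from collections import Counter
from datetime import datetime, timezone

# Constructed sample records from two hypothetical products with different schemas.
VENDOR_A = [
    {"ts": "2024-05-01T10:00:00Z", "evt": "LOGIN_FAIL", "username": "alice", "client": "203.0.113.7"},
    {"ts": "2024-05-01T10:00:05Z", "evt": "LOGIN_OK", "username": "bob", "client": "198.51.100.4"},
]
VENDOR_B = [
    {"epoch": 1714557610, "action": "auth", "result": "denied", "acct": "alice", "src_ip": "203.0.113.7"},
    {"epoch": 1714557620, "action": "auth", "result": "denied", "acct": "alice", "src_ip": "203.0.113.7"},
]

def ocsf_auth(time_ms, ok, user, ip, product):
    """Build a simplified subset of an OCSF Authentication event (not schema-validated)."""
    class_uid, activity_id = 3002, 1            # Authentication class, Logon activity
    return {
        "category_uid": 3, "class_uid": class_uid, "activity_id": activity_id,
        "type_uid": class_uid * 100 + activity_id,
        "time": time_ms,                        # milliseconds since the Unix epoch
        "status_id": 1 if ok else 2,            # 1 = Success, 2 = Failure
        "user": {"name": user},
        "src_endpoint": {"ip": ip},
        "metadata": {"product": {"name": product}},
    }

def from_vendor_a(rec):
    t = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ocsf_auth(int(t.timestamp() * 1000), rec["evt"] == "LOGIN_OK",
                     rec["username"], rec["client"], "vendor-a")

def from_vendor_b(rec):
    return ocsf_auth(rec["epoch"] * 1000, rec["result"] == "allowed",
                     rec["acct"], rec["src_ip"], "vendor-b")

def normalize():
    """Merge both sources into one time-ordered stream of common-schema events."""
    events = [from_vendor_a(r) for r in VENDOR_A] + [from_vendor_b(r) for r in VENDOR_B]
    return sorted(events, key=lambda e: e["time"])

def failed_logons(events, threshold=3):
    """One detection over the merged stream: (user, source IP) pairs with >= threshold failures."""
    counts = Counter((e["user"]["name"], e["src_endpoint"]["ip"])
                     for e in events if e["class_uid"] == 3002 and e["status_id"] == 2)
    return {k: n for k, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    print(failed_logons(normalize()))
```

Neither source alone reaches the threshold of three failures; the pattern only becomes visible after both are expressed in the same schema.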
Contents of the Open Cybersecurity Schema Framework
The OCSF project deals with several topics and subtasks. The content of the Open Cybersecurity Schema Framework to be developed by the project includes:
- Open standards for the telemetry of security solutions and services
- Open source tools to support the framework and to apply the OCSF schema faster and more easily
The OCSF Goals
The aim of the OCSF project is to facilitate data exchange between different security solutions and services through open standards. With less effort required to normalize data, security professionals and security teams have more time to detect, analyze, and defend against cyberattacks. The simplified, vendor-independent taxonomy breaks up the data silos of different security tools, so cyber attacks can be fought faster and more effectively.