As cyber systems become increasingly complex and cybersecurity threats become more prominent, defenders must prepare, coordinate, automate, document, and share their response methodologies to the extent possible. The CACAO (Collaborative Automated Course of Action Operations) standard was developed to satisfy these requirements, providing a common machine-readable framework and schema for documenting cybersecurity operations processes, including defensive tradecraft and tactics, techniques, and procedures. Although this approach is compelling, a remaining limitation is that CACAO provides no native modeling notation for graphically representing playbooks, which is crucial for simplifying their creation, modification, and understanding. In contrast, the industry is familiar with BPMN (Business Process Model and Notation), a standards-based modeling notation for business processes that has also found its place in representing cybersecurity processes. This research examines BPMN and CACAO and explores the feasibility of using the BPMN modeling notation to represent CACAO security playbooks graphically. The results indicate that mapping CACAO to BPMN is attainable at an abstract level; however, conversion from one encoding to the other introduces a degree of complexity, because the same CACAO construct can be represented in BPMN in several ways and because BPMN must be extended to carry CACAO-specific information in full.