Security Basics mailing list archives
What defines an "incident"? - Part 1
From: "Craig Wright" <cwright () bdosyd com au>
Date: Thu, 16 Feb 2006 14:04:50 +1100
Hello All, Bob has added a good point to the discussion with the requirements to define an '"event", versus an "occurrence", versus an "incident", versus a "situation"'. {Bob stated} Until an "attack attempt" has been: (1) proven as an "attack", (2) was successful, and (3) have an idea as to who is responsible for the attack attempt -- the current state leading from the course of circumstances would remain as an "event" -- nothing more. However, point 1 is correct. An attack is not just a set of random occurrences. There needs to be intent. An accidental occurrence or uninformed mistake (for example) may seem to be an attack, but are just events and incidents. Even if not successful, an attempted attack may still be classified as an incident. The Long Island Nuclear Power plant suffered a near melt down a number of years ago. The controls sufficed to stop the escalation of this event into a catastrophe, but it is still seen as an incident (though not an attack). Citibank's security was compromised a number of years ago and they lost a large sum of money. There is now some idea of some of the people involved, but even before this, it was still both an attack and an incident. Though you do not know who is responsible, there may be an attack. A more general example. If you are mugged in a dark alley but do not see your assailants, you have still been attacked. If you run away and they do not succeed, it is still an attempt. In addition in respect to computer attacks, the attempt itself is a crime. In a country by country (non-exclusive) breakdown; Australia (Cth) Criminal Code Act 1995 (Cth) amened by the Criminal Code Amendment (Theft, Fraud, Bribery and Related Offences) Act 2000 and the Cybercrime Act 2001 (Cth) Possession or control of data with intent to commit a computer offence (s. 478.3) 3 years max. NSW (Australia) Crimes Act 1900, ss. 308-308I (added by Crimes Amendment (Computer Offences) Act 2001) Possession or control of data with intent to commit serious computer offence (s. 308F) 3 years max. Producing, supplying or obtaining data with intent to commit serious computer offence (s.308G) 2 years max. United Kingdom Unauthorised access with intent to commit or facilitate commission of further offences (s.2) 5 years max. /and/or fine United States (Federal) - too many states to list here United States Code 18 USC S1029 etc. (Added by Computer Fraud and Abuse Act 1986) Recording of dialling, routing, addressing and signalling information (S 3121 etc) 1 year max. and/or fine Fraud and related activity in connection with computers (s 1030) 10 years max. 1st offence (up to 20 subsequent) Canada Criminal Code (RS 1985, c. C-46) Part XI: Wilful and Forbidden Acts in respect of Certain Property Mischief in relation to data (s. 430(1.1)) Up to life (in cases of actual danger to life) or 2 years Regards, Craig Dr Craig S Wright DTh MNSA MMIT CISA CISM CISSP ISSMP ISSAP G7799 GCFA AFAIM Manager - Computer Assurance Services BDO Chartered Accountants & Advisers Level 19, 2 Market Street, Sydney, NSW 2001 Telephone: +61 2 9286 5555 Fax: +61 2 9993 9705 Direct: +61 2 9286 5497 <Mailto:CWright () bdosyd com au> Until an "attack attempt" has been: (1) proven as an "attack", (2) was successful, and (3) have an idea as to who is responsible for the attack attempt -- the current state leading from the course of circumstances would remain as an "event" -- nothing more. Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within those States and Territories of Australia where such legislation exists. DISCLAIMER The information contained in this email and any attachments is confidential. If you are not the intended recipient, you must not use or disclose the information. If you have received this email in error, please inform us promptly by reply email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy. Any views expressed in this message are those of the individual sender. You may not rely on this message as advice unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by a Partner of BDO. BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, interception, corruption or unauthorised access. --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- What defines an "incident"? - Part 1 Craig Wright (Feb 17)