Security Basics mailing list archives
RE: Security incident or operational incident?
From: "Mark Palmer" <mpalmer () hoovers com>
Date: Tue, 10 Oct 2006 14:19:26 -0500
There are the 3 tenants of security, but what is missing is a how to divide and categorize all compliance events. There was something I read somewhere (sorry I forgot the resource) that divided compliance events into two categories. Cat 1 Avoidable Predictable Benign Cat 2 Intentional Unavoidable Malicious These are the "ying-and-yang" of determining compliance incident classification. Category 1 events are controllable with the appropriate controls in place. Sometimes humans make mistakes. Category 2 events are when someone intentionally is doing something for personal gain. Your incident was neither. It was a Compliance Event that needed to be reported, but perhaps not escalated to the management, but that depends on your Security and Compliance Framework. Mark Palmer ----- The information contained in this communication is confidential. This communication is the property of Hoover's, Inc. and is intended only for the use of the addressee. If you are not the intended recipient, please notify me promptly and delete the message. Any distribution or copying of this message without my prior consent is prohibited. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of ttate () ctscorp com Sent: Tuesday, October 10, 2006 3:06 AM To: security-basics () securityfocus com Subject: Security incident or operational incident? As we all know, the tenets of information security are confidentiality, integrity & availability. How do you separate out an operational incident from a security incident? For example, is it a security incident or operational incident when an admin accidentally deletes an OU in AD containing users or computers when working in the GPO management console? The admin is authorized to perform all and any tasks in AD. In this case by deleting the OU, the users no longer had access to the system, hence the availability tenet comes into play. But the issue was not caused by some malicious intent but by a perceived flaw in the Microsoft application. Who would think that you could delete OU's in the GPO management console? Thanks for your thoughts. Regards, Troy ------------------------------------------------------------------------ --- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ------------------------------------------------------------------------ --- --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Security incident or operational incident? ttate (Oct 10)
- Re: Security incident or operational incident? sami seclist (Oct 10)
- <Possible follow-ups>
- RE: Security incident or operational incident? Mark Palmer (Oct 10)
- FW: Security incident or operational incident? Laundrup, Jens (Oct 13)