Security Basics mailing list archives

RE: Security incident or operational incident?


From: "Mark Palmer" <mpalmer () hoovers com>
Date: Tue, 10 Oct 2006 14:19:26 -0500

There are the 3 tenets of security, but what is missing is how to
divide and categorize all compliance events.  There was something I read
somewhere (sorry I forgot the resource) that divided compliance events
into two categories.

Cat 1
Avoidable
Predictable
Benign

Cat 2
Intentional
Unavoidable
Malicious

These are the "yin-and-yang" of determining compliance incident
classification.  Category 1 events are controllable with the appropriate
controls in place.  Sometimes humans make mistakes.  Category 2 events
are when someone intentionally is doing something for personal gain.

Your incident was neither.  It was a Compliance Event that needed to be
reported, but perhaps not escalated to the management, but that depends
on your Security and Compliance Framework. 

Mark Palmer

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of ttate () ctscorp com
Sent: Tuesday, October 10, 2006 3:06 AM
To: security-basics () securityfocus com
Subject: Security incident or operational incident?

As we all know, the tenets of information security are confidentiality,
integrity & availability. How do you separate out an operational
incident from a security incident? For example, is it a security
incident or operational incident when an admin accidentally deletes an
OU in AD containing users or computers when working in the GPO
management console? The admin is authorized to perform all and any tasks
in AD. In this case by deleting the OU, the users no longer had access
to the system, hence the availability tenet comes into play. But the
issue was not caused by some malicious intent but by a perceived flaw in
the Microsoft application. Who would think that you could delete OUs in
the GPO management console? 
Thanks for your thoughts. 
Regards, 
Troy

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

