Educause Security Discussion mailing list archives

Re: Software for Tracking Security Incidents


From: "Mclaughlin, Kevin (mclaugkl)" <mclaugkl () UCMAIL UC EDU>
Date: Thu, 29 Mar 2007 10:09:19 -0400

I like the open source idea for CIRDB.  Jim, we would be interested in
participating if you have any luck on that front.

-Kevin


Kevin L. McLaughlin
CISM, CISSP, PMP, ITIL Master Certified
Director, Information Security
University of Cincinnati
513-556-9177 (w)
513-703-3211 (m)
513-558-ISEC (department)





CONFIDENTIALITY NOTICE: This e-mail message and its content is confidential,
intended solely for the addressee, and may be legally privileged. Access to
this message and its content by any individual or entity other than those
identified in this message is unauthorized. If you are not the intended
recipient, any disclosure, copying or distribution of this e-mail may be
unlawful. Any action taken or omitted due to the content of this message is
prohibited and may be unlawful.



-----Original Message-----
From: James Moore [mailto:jhmiso () RIT EDU]
Sent: Thursday, March 29, 2007 10:03 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Software for Tracking Security Incidents

CIRDB is dead, long live the CIRDB.

I went to look up the web reference, and found that the CIRDB is not
being maintained. (https://cirdb.cerias.purdue.edu/ ).  I will check to
see if this could be transitioned to open source or Creative Commons
licensing, to see if it is possible to integrate the IP with other
systems.  What would probably be the most difficult are the security and
architecture of the queues and queue navigation.  Most of the other
features really have to do with schema, and methods.  There is a lot of
good thought that went into the schema (what data do you collect, what
data do you need in different types of incidents), how it is presented,
what are the views (handler, trend analysis, management reporting,
security research).  The templating methods were also first rate.

All in all, my hat is off to Pascal Meunier for a great product that may
have been ahead of its time.

Jim

-----Original Message-----
From: Kevin Dover [mailto:kdover () brocku ca]
Sent: Wednesday, March 28, 2007 6:46 PM
To: James Moore
Subject: Re: [SECURITY] Software for Tracking Security Incidents

Jim

Is this application available for use by other universities, and if it
is, how is it acquired?

Thanks
Kevin
Brock University


-----Original Message-----
From: James Moore <jhmiso () RIT EDU>
Date: Wed, 28 Mar 2007 17:21:07
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Software for Tracking Security Incidents

Purdue developed a product called the CERIAS incident response database.
RIT provided some design review and debugging support.  We ran out of
funds and manpower to create a user-friendly system administrators
manual.

It had a lot of great features
 - a hierarchy based system for the protection of the confidentiality of
incident information
 - the ability to skip certain types of identity information to provide
trend analysis / statistics
 - templating systems for common incident types
 - templating system for computer registration, including capability to
describe defenses and types of data
 - robust contact information capability
 - ability for students to record compromises that they had experienced

jim

-----Original Message-----
From: Matthew Keller [mailto:kellermg () POTSDAM EDU]
Sent: Wednesday, March 28, 2007 5:12 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Software for Tracking Security Incidents

RTIR http://bestpractical.com/rtir/

While not a commercial product, Best Practical will take your money for
support if you have too much of it.

On Wed, 2007-03-28 at 13:17 -0400, Brenda B Gombosky wrote:
What is everyone using to track their incidents?  Does anyone know of
a commercial product?

--
Matthew Keller
Information Security Officer/Network Administrator
Computing & Technology Services
State University of New York @ Potsdam
Potsdam, NY, USA
http://mattwork.potsdam.edu/
