Educause Security Discussion mailing list archives
Re: Software for Tracking Security Incidents
From: "Mclaughlin, Kevin (mclaugkl)" <mclaugkl () UCMAIL UC EDU>
Date: Thu, 29 Mar 2007 10:09:19 -0400
I like the open source idea for CIRDB. Jim, we would be interested in participating if you have any luck on that front.

-Kevin

Kevin L. McLaughlin
CISM, CISSP, PMP, ITIL Master Certified
Director, Information Security
University of Cincinnati
513-556-9177 (w)
513-703-3211 (m)
513-558-ISEC (department)

CONFIDENTIALITY NOTICE: This e-mail message and its content is confidential, intended solely for the addressee, and may be legally privileged. Access to this message and its content by any individual or entity other than those identified in this message is unauthorized. If you are not the intended recipient, any disclosure, copying or distribution of this e-mail may be unlawful. Any action taken or omitted due to the content of this message is prohibited and may be unlawful.

-----Original Message-----
From: James Moore [mailto:jhmiso () RIT EDU]
Sent: Thursday, March 29, 2007 10:03 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Software for Tracking Security Incidents

CIRDB is dead, long live the CIRDB.

I went to look up the web reference, and found that the CIRDB is not being maintained (https://cirdb.cerias.purdue.edu/). I will check to see if this could be transitioned to open source or Creative Commons licensing, to see if it is possible to integrate the IP with other systems.

What would probably be the most difficult are the security and architecture of the queues and queue navigation. Most of the other features really have to do with schema, and methods. There is a lot of good thought that went into the schema (what data do you collect, what data do you need in different types of incidents), how it is presented, what are the views (handler, trend analysis, management reporting, security research). The templating methods were also first rate. All in all, my hat is off to Pascal Meunier for a great product that may have been ahead of its time.

Jim

-----Original Message-----
From: Kevin Dover [mailto:kdover () brocku ca]
Sent: Wednesday, March 28, 2007 6:46 PM
To: James Moore
Subject: Re: [SECURITY] Software for Tracking Security Incidents

Jim

Is this application available for use by other universities, and if it is, how is it acquired?

Thanks
Kevin
Brock University

-----Original Message-----
From: James Moore <jhmiso () RIT EDU>
Date: Wed, 28 Mar 2007 17:21:07
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Software for Tracking Security Incidents

Purdue developed a product called the CERIAS incident response database. RIT provided some design review and debugging support. We ran out of funds and manpower to create a user-friendly system administrator's manual.

It had a lot of great features:
- a hierarchy-based system for the protection of the confidentiality of incident information
- the ability to skip certain types of identity information to provide trend analysis / statistics
- templating systems for common incident types
- templating system for computer registration, including capability to describe defenses and types of data
- robust contact information capability
- ability for students to record compromises that they had experienced

jim

-----Original Message-----
From: Matthew Keller [mailto:kellermg () POTSDAM EDU]
Sent: Wednesday, March 28, 2007 5:12 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Software for Tracking Security Incidents

RTIR
http://bestpractical.com/rtir/

While not a commercial product, Best Practical will take your money for support if you have too much of it.

On Wed, 2007-03-28 at 13:17 -0400, Brenda B Gombosky wrote:
What is everyone using to track their incidents? Does anyone know of a commercial product?
--
Matthew Keller
Information Security Officer/Network Administrator
Computing & Technology Services
State University of New York @ Potsdam
Potsdam, NY, USA
http://mattwork.potsdam.edu/
Current thread:
- Software for Tracking Security Incidents Brenda B Gombosky (Mar 28)
- <Possible follow-ups>
- Re: Software for Tracking Security Incidents Steve Brukbacher (Mar 28)
- Re: Software for Tracking Security Incidents Pace, Guy (Mar 28)
- Re: Software for Tracking Security Incidents Rick Coloccia (Mar 28)
- Re: Software for Tracking Security Incidents Bill Kyle (Mar 28)
- Re: Software for Tracking Security Incidents Everett, Alex (Mar 28)
- Re: Software for Tracking Security Incidents Matthew Keller (Mar 28)
- Re: Software for Tracking Security Incidents James Moore (Mar 28)
- Re: Software for Tracking Security Incidents James Moore (Mar 29)
- Re: Software for Tracking Security Incidents Mclaughlin, Kevin (mclaugkl) (Mar 29)
- Re: Software for Tracking Security Incidents Jonny Sweeny (Mar 29)