Educause Security Discussion mailing list archives
Re: Incident Classifications
From: Wes Young <wcyoung () BUFFALO EDU>
Date: Mon, 24 Dec 2007 14:44:00 -0500
I just wanted to thank everyone who responded. The information presented was extremely helpful and should provide a good path. Thanks again and happy holidays! Wes Young wrote:
I'm in the process of overhauling our current incident handling system that we've been running for a few years. I am at the point of revamping how we classify incidents and the questions struck me... "will this actually scale" and "at this point, do I actually care that it was connecting to a botnet"? In the past we've used things such as: Spamming Virus DDos Remote Compromise Botnet etc... Coming purely from a network perspective, or even more so, a risk-management based perspective, do I really care what the host was doing while it was hosed? I'm more interested in classifying the risk of the incident longer term. Maybe a little more description than "Severity 1, 2, etc...", but along the same lines.... Something that describes the risk and makes it easy to tie to an easily perceptive value.... Does anyone know/have a commonly used framework for stuff like this?
-- Wes Young Network Security Analyst University at Buffalo ----------------------------------------------- | my OpenID: | http://tinyurl.com/2zu2d3 | -----------------------------------------------
Current thread:
- Incident Classifications Wes Young (Dec 20)
- <Possible follow-ups>
- Re: Incident Classifications Aaron Wade (Dec 20)
- Re: Incident Classifications Roger Safian (Dec 20)
- Re: Incident Classifications Hull, Dave (Dec 20)
- Re: Incident Classifications Bill Brinkley (Dec 20)
- Re: Incident Classifications Wes Young (Dec 24)