RE: What defines an "incident"? - Part 2

[Bob Radvanovsky <rsradvan () unixworks net>]

Henceforth, such that an "event" is either: (1) an un-acknowledged "attack", or (2) is an "attack" that has not been 
proven as an "attack".

OK...makes sense regarding "incident" because it correlates to a place and time.  Is the correlation between a place 
and time required?  If so, what constitutes the correlation factors?

-rad 

----- Original Message -----
From: Craig Wright [mailto:cwright () bdosyd com au]
To: Craig Wright [mailto:cwright () bdosyd com au], security-basics () securityfocus com
Cc: Bob Radvanovsky [mailto:rsradvan () unixworks net]
Subject: RE: What defines an "incident"? - Part 2


> Hi again,
>
> CERT/CC held a number of workshops in 1997/1998 with representatives
> from the DoD, NIST, Sandia etc. One of the Results from this was a
> preliminary taxonomy for computer security terms.
>
> From this an event was to defined to involve one Action and one target.
>
> To "steal" a quote without fully referencing it this time (hay I have to
> leave something for everyone else to look up...)
>
> Event - An action directed at a target that is intended to result in a
> change of state, or status, of the target.
>
> A Process would thus include actions to probe, scan, authenticate,
> bypass or flood a running computer process or execution thread.
>
> Incident - A group of attacks that can be distinguished from other
> attacks because of the attackers, attacks, objectives, sites, and
> timing.
>
> Etc and I can go on or read the following:
> Radatz, John, ed. (1996) "The IEEE Standard Dictionary of Electrical and
> Electronic Terms", 6th ed. (NY: Institute of Electrical and electronic
> Engineers), p 1087.
>
> Howard, John D (April 1997) "An Analysis of Security Incidents on the
> Internet, 1989-1995, PhD dissertation", Pittsburgh, PA: Dept. of
> Engineering and Public Policy, Carnegie Mellon University (see also
> Http://www.cert.org)
>
> So from this we have;
>       People attack computers
>       People attack for a variety of objectives (what they intend to
> accomplish)

> Regards
> Craig
>
>
>
> Liability limited by a scheme approved under Professional Standards
> Legislation in respect of matters arising within those States and
> Territories of Australia where such legislation exists.
>
> DISCLAIMER
> The information contained in this email and any attachments is confidential.
> If you are not the intended recipient, you must not use or disclose the
> information. If you have received this email in error, please inform us
> promptly by reply email or by telephoning +61 2 9286 5555. Please delete the
> email and destroy any printed copy. 

> Any views expressed in this message are those of the individual sender. You
> may not rely on this message as advice unless it has been electronically
> signed by a Partner of BDO or it is subsequently confirmed by letter or fax
> signed by a Partner of BDO.
>
> BDO accepts no liability for any damage caused by this email or its
> attachments due to viruses, interference, interception, corruption or
> unauthorised access.

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------