Security Basics mailing list archives
Security incident or operational incident?
From: ttate () ctscorp com
Date: Tue, 10 Oct 2006 8:05:51 AM+0400
As we all know, the tenets of information security are confidentiality, integrity & availability. How do you separate out an operational incident from a security incident? For example, is it a security incident or operational incident when an admin accidentally deletes an OU in AD containing users or computers when working in the GPO management console? The admin is authorized to perform all and any tasks in AD. In this case by deleting the OU, the users no longer had access to the system, hence the availability tenet comes into play. But the issue was not caused by some malicious intent but by a perceived flaw in the Microsoft application. Who would think that you could delete OU's in the GPO management console? Thanks for your thoughts. Regards, Troy --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Security incident or operational incident? ttate (Oct 10)
- Re: Security incident or operational incident? sami seclist (Oct 10)
- <Possible follow-ups>
- RE: Security incident or operational incident? Mark Palmer (Oct 10)
- FW: Security incident or operational incident? Laundrup, Jens (Oct 13)