Re: Security incident or operational incident?

["sami seclist" <sg.seclists () gmail com>]

hello,
Because availability or even continuity in this case came into place,
It can be considered as a security incident.
Protective measures could be adequate training of administrators and
system backup.
Other measures like incident handling, recovery procedures etc...
could help to quickly recover an operational state, and analyse
incident's causes,to avoid repetition.

---
sami

-------------------------------
> Tue, 10 Oct 2006 8:05:51 AM+0400, ttate () ctscorp com <ttate () ctscorp com>:
> As we all know, the tenets of information security are confidentiality, integrity & >availability. How do you separate out an operational 
> incident from a security incident? For >example, is it a security incident or operational incident when an admin accidentally >deletes an OU in AD 
> containing users or computers when working in the GPO >management console? The admin is authorized to perform all and any tasks in AD. In this 
> >case by deleting the OU, the users no longer had access to the system, hence the >availability tenet comes into play. But the issue was not 
> caused by some malicious intent >but by a perceived flaw in the Microsoft application. Who would think that you could delete >OU's in the GPO 
> management console?
> Thanks for your thoughts.
> Regards,
> Troy

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------