Re: Information Security Incidents

["Adam Pal" <pal_adam () gmx net>]

Hi Dan,

Is an failed login a security related incident? Are 20 failed logins within 1 minute a security related incident?
I suggest to understand a security related incident as a deviation from the security policy, following the CIA. For 
instance business continuity is a loss of availability (A).

 
Regards,
Adam

-------- Original-Nachricht --------
> Datum: Wed, 23 Sep 2009 13:12:07 +0300
> Von: Dan Vultur <Dan.Vultur () btrl ro>
> An: "security-basics () securityfocus com" <security-basics () securityfocus com>
> Betreff: Information Security Incidents

> Hello list,
>
> In our company we are trying to develop an in-house application which will
> collect all information security related incidents. The developers of this
> applications are asking me what criteria should be there in the
> scroll-down.
>
> On the fly I am thinking at the following criteria:
>
> -  unauthorized access,
> -  business continuity
> -  loss of confidentiality
> -  etc
>
> Can you please give me some advice on which criteria should be used if you
> have implemented a well-known solution on this aspect.
>
> Many thanks,
>
> Dan
>
>
>
> Acest e-mail con?ine informatii care pot fi, partial sau ?n ?ntregime,
> protejate de lege. Orice utilizare sau transmitere neautorizata a acestui
> mesaj, totala sau partiala, este strict interzisa. Aceste informatii sunt
> adresate doar destinatarului si pot sa nu exprime punctele de vedere ale Bancii
> Transilvania. ?n cazul ?n care o eroare de transmitere a directionat gresit
> acest e-mail, va rugam sa notificati autorul printr-un raspuns la mesaj.
> Daca nu sunteti destinatarul vizat, nu aveti permisiunea sa dezvaluiti, sa
> distribuiti, sa copiati, sa tipariti sau sa utilizati acest e-mail.
>
> This e-mail contains proprietary information some or all of which may be
> legally privileged. Any unauthorized use or dissemination is prohibited. It
> is for the intended recipient only and does not express the views of Banca
> Transilvania S.A.  If an addressing or transmission error has misdirected
> this e-mail, please notify the author by replying to this e-mail.  If you
> are not the intended recipient you must not use, disclose, distribute, copy,
> print, or rely on this e-mail.
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL
> certificate.  We look at how SSL works, how it benefits your company and
> how your customers can tell if a site is secure. You will find out how to
> test, purchase, install and use a thawte Digital Certificate on your Apache
> web server. Throughout, best practices for set-up are highlighted to help
> you ensure efficient ongoing management of your encryption keys and digital
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------

-- 
GRATIS für alle GMX-Mitglieder: Die maxdome Movie-FLAT!
Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------