Educause Security Discussion mailing list archives

Re: Incident Classifications


From: Roger Safian <r-safian () NORTHWESTERN EDU>
Date: Thu, 20 Dec 2007 10:54:00 -0600

At 10:10 AM 12/20/2007, Wes Young put fingers to keyboard and wrote:
> Coming purely from a network perspective, or even more so, a
> risk-management based perspective, do I really care what the host was
> doing while it was hosed? I'm more interested in classifying the risk of
> the incident longer term. Maybe a little more description than "Severity
> 1, 2, etc...", but along the same lines.... Something that describes the
> risk and makes it easy to tie to an easily perceptive value....

We use a system where we try to put the incidents into a variety of
pools, such as virus, DMCA, etc.  We combine that with a severity
rating.  So a virus incident, with a severity of 1 (the least severe)
might not be a big deal, but the same virus with a severity of 3 (the
most severe) is.  This system recognizes the differences within a
category and ties those differences to risk exposure (usually of PII).


--
Roger A. Safian
r-safian () northwestern edu (email) public key available on many key servers.
(847) 491-4058   (voice)
(847) 467-6500   (Fax) "You're never too old to have a great childhood!"
