Educause Security Discussion mailing list archives
Re: Incident Classifications
From: Roger Safian <r-safian () NORTHWESTERN EDU>
Date: Thu, 20 Dec 2007 10:54:00 -0600
At 10:10 AM 12/20/2007, Wes Young put fingers to keyboard and wrote:
Coming purely from a network perspective, or even more so, a risk-management based perspective, do I really care what the host was doing while it was hosed? I'm more interested in classifying the risk of the incident longer term. Maybe a little more description than "Severity 1, 2, etc...", but along the same lines.... Something that describes the risk and makes it easy to tie to an easily perceptive value....
We use a system where we try to put the incidents into a variety of pools, such as virus, DMCA, etc. We combine that with a severity rating. So a virus incident, with a severity of 1 (the least severe) might not be a big deal, but the same virus with a severity of 3 (the most severe) is. This system recognizes the differences within a category and ties those differences to risk exposure (usually of PII).
--
Roger A. Safian
r-safian () northwestern edu (email) public key available on many key servers.
(847) 491-4058 (voice) (847) 467-6500 (Fax)
"You're never too old to have a great childhood!"