Educause Security Discussion mailing list archives

Re: Incident Classifications


From: Wes Young <wcyoung () BUFFALO EDU>
Date: Mon, 24 Dec 2007 14:44:00 -0500

I just wanted to thank everyone who responded. The information presented
was extremely helpful and should provide a good path.

Thanks again and happy holidays!

Wes Young wrote:
I'm in the process of overhauling our current incident handling system
that we've been running for a few years. I am at the point of revamping
how we classify incidents and the questions struck me... "will this
actually scale" and "at this point, do I actually care that it was
connecting to a botnet"?

In the past we've used things such as:

Spamming
Virus
DDoS
Remote Compromise
Botnet

etc...


Coming purely from a network perspective, or even more so, a
risk-management based perspective, do I really care what the host was
doing while it was hosed? I'm more interested in classifying the risk of
the incident longer term. Maybe a little more description than "Severity
1, 2, etc...", but along the same lines.... Something that describes the
risk and makes it easy to tie to an easily perceptive value....

Does anyone know/have a commonly used framework for stuff like this?

--
Wes Young
Network Security Analyst
University at Buffalo
 -----------------------------------------------
| my OpenID:        | http://tinyurl.com/2zu2d3 |
 -----------------------------------------------
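As an added illustration that is not part of this thread and not any framework the respondents named: a small Python sketch of the distinction the question draws, keeping the activity tag ("botnet", "spamming", ...) as a descriptive label on the record while the severity tier is derived from impact factors (data exposed, role of the asset, whether the attacker has control of the host, how many hosts are affected). The field names, weights, thresholds and sample incidents are all invented assumptions to make the example run; a real scheme would tune them to local risk appetite.

```python
"""Risk-tier incident classification (hypothetical example; not an Educause or UB scheme)."""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum


class Risk(Enum):
    LOW = 1
    MODERATE = 2
    HIGH = 3
    CRITICAL = 4


@dataclass(frozen=True)
class Incident:
    host: str
    activity: str         # the "what was it doing" tag, kept for reporting only
    data_exposed: str     # assumed scale: "none" | "internal" | "regulated"
    asset_role: str       # assumed scale: "workstation" | "server" | "infrastructure"
    remote_control: bool  # attacker can run commands on the host
    hosts_affected: int   # breadth of the incident


# Illustrative weights (assumptions): impact factors, not activity, drive the tier.
DATA_WEIGHT = {"none": 0, "internal": 1, "regulated": 3}
ASSET_WEIGHT = {"workstation": 0, "server": 1, "infrastructure": 2}


def risk_score(inc: Incident) -> int:
    """Sum impact factors; the activity tag deliberately contributes nothing."""
    score = DATA_WEIGHT[inc.data_exposed] + ASSET_WEIGHT[inc.asset_role]
    if inc.remote_control:
        score += 2
    if inc.hosts_affected >= 10:
        score += 2
    elif inc.hosts_affected > 1:
        score += 1
    return score


def classify_risk(inc: Incident) -> Risk:
    """Map the score onto a small, stable set of tiers (thresholds are assumptions)."""
    score = risk_score(inc)
    if score >= 6:
        return Risk.CRITICAL
    if score >= 4:
        return Risk.HIGH
    if score >= 2:
        return Risk.MODERATE
    return Risk.LOW


def report_line(inc: Incident) -> str:
    """One line per incident: activity stays visible, but the tier is the headline."""
    return f"{inc.host}: {inc.activity} -> {classify_risk(inc).name} (score {risk_score(inc)})"


def tier_counts(incidents: list[Incident]) -> dict[str, int]:
    """Counts per tier, the kind of roll-up a risk-based scheme reports upward."""
    counts = {tier.name: 0 for tier in Risk}
    for inc in incidents:
        counts[classify_risk(inc).name] += 1
    return counts


# Constructed sample incidents (not real hosts or events).
SAMPLE = [
    Incident("ws-101", "botnet", "none", "workstation", True, 1),
    Incident("db-7", "botnet", "internal", "server", True, 1),
    Incident("ws-204", "spamming", "none", "workstation", False, 1),
    Incident("core-rtr-2", "remote compromise", "regulated", "infrastructure", True, 30),
    Incident("ws-310", "virus", "none", "workstation", False, 15),
]

if __name__ == "__main__":
    for inc in SAMPLE:
        print(report_line(inc))
    print(tier_counts(SAMPLE))
```

The point the sample makes is that the same activity tag ("botnet" on a workstation versus on a server holding internal data) lands in different tiers, while unrelated activities can land in the same tier; the tier set stays small and stable as new activity types appear, which is the scaling property the question asks about.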