Re: Intrusion Risk Assessment

["Fernando Cardoso" <fernando.cardoso () whatevernet com>]

Something that might help you is Common Criteria's "Characterisation of
Attack Potential" draft. Check it out in
http://www.commoncriteria.org/review_docs/docs/AttackPotentialv05.pdf


Fernando



> Anyone know of any IDS risk assessment matrixes out there?  I'm 
> looking for something like the following:
>
> Rating                                Severity
> 1  No Damage                  a.      Not possible to exploit (or)
>                               b.      No damage (or)
>                               c.      Hoax
>                                
> 2 Harassment                  a.      Possible damage, unconfirmed (or)
>                               b.      Temporarily shuts down services and/or 
> temporarily prevents access to information
>
> 3 Minor Damage                        a.      Short-term impact (or)
>                               b.      Exploit allows access to view files (or)
>                               c.      Minimal effort required to recover
>
> 4 Moderate Damage             a.      The exploit is easy to perform (or)
>                               b.      Important systems can be effected with 
> administrative compromise (or)
>                               c.      Exploit allows full access to files (or)
>                               d.      Long-term effects, significant effort 
> may be required to recover
>
> 5 Heavy Damage                a.      The exploit is easy to perform (and)
>                               b.      An exploit will cause severe damage to 
> multiple computers (and/or)
>                               c.      Requires reinstallation or recovery 
> from backup
>
>
> Robert Huber
> Bank One Information Security
> Phone: 302-282-2234
> Pager: 888-646-3502
>
>
>
> **********************************************************************
> This transmission may contain information that is privileged, 
> confidential and/or exempt from disclosure under applicable law. If 
> you are not the intended recipient, you are hereby notified that 
> any disclosure, copying, distribution, or use of the information 
> contained herein (including any reliance thereon) is STRICTLY 
> PROHIBITED. If you received this transmission in error, please 
> immediately contact the sender and destroy the material in its 
> entirety, whether in electronic or hard copy format. Thank you
> **********************************************************************



WhatEverNet Computing, S.A.                http://www.whatevernet.com
Praça de Alvalade, n.º 6 - 6.º piso        Tel: +351 217994200
1700-036 Lisboa, PORTUGAL                  Fax: +351 217994242
_____________________________________________________________________
                      INTERNET MAIL FOOTER 
A presente mensagem pode conter informação considerada confidencial.
Se o receptor desta mensagem não for o destinatário indicado, fica
expressamente proibido de copiar ou endereçar a mensagem a terceiros.
Em tal situação, o receptor deverá destruir a presente mensagem e por
gentileza informar o emissor de tal facto.
---------------------------------------------------------------------
Privileged or confidential information may be contained in this
message. If you are not the addressee indicated in this message, you
may not copy or deliver this message to anyone. In such case, you
should destroy this message and kindly notify the sender by reply
email.
---------------------------------------------------------------------