
| Subject: | RE: What defines an "incident"? - Part 2 |
|---|---|
| Date: | Wed, 15 Feb 2006 21:32:35 -0600 |
Henceforth, such that an "event" is either: (1) an un-acknowledged "attack", or (2) is an "attack" that has not been proven as an "attack".

OK...makes sense regarding "incident" because it correlates to a place and time. Is the correlation between a place and time required? If so, what constitutes the correlation factors?

-rad

----- Original Message -----

From: Craig Wright [mailto:cwright@bdosyd.com.au]

To: Craig Wright [mailto:cwright@bdosyd.com.au], security-basics@securityfocus.com

Cc: Bob Radvanovsky [mailto:rsradvan@unixworks.net]

Subject: RE: What defines an "incident"? - Part 2
Hi again,

CERT/CC held a number of workshops in 1997/1998 with representatives from the DoD, NIST, Sandia etc. One of the results from this was a preliminary taxonomy for computer security terms. From this an event was defined to involve one Action and one target.

To "steal" a quote without fully referencing it this time (hey, I have to leave something for everyone else to look up...)

Event - An action directed at a target that is intended to result in a change of state, or status, of the target.

A Process would thus include actions to probe, scan, authenticate, bypass or flood a running computer process or execution thread.

Incident - A group of attacks that can be distinguished from other attacks because of the attackers, attacks, objectives, sites, and timing.

Etc and I can go on or read the following:

Radatz, John, ed. (1996) "The IEEE Standard Dictionary of Electrical and Electronic Terms", 6th ed. (NY: Institute of Electrical and Electronics Engineers), p 1087.

Howard, John D (April 1997) "An Analysis of Security Incidents on the Internet, 1989-1995, PhD dissertation", Pittsburgh, PA: Dept. of Engineering and Public Policy, Carnegie Mellon University (see also Http://www.cert.org)

So from this we have:

People attack computers

People attack for a variety of objectives (what they intend to accomplish)
Regards

Craig