Information Security Policies Samples
Notification and/or Involvement
Parties and logging actions (grouped in the matrix as Departmental, Internal, or External):
* Enterprise Network Administration
* Enterprise Security Administration
* Law Enforcement - State/Regional
* Other Incident Response Teams
* Telecommunications Providers
* Incident Reporting Organizations
* Owners of Attacking Address
* Information Security Officer
* Federal Cybercrime agencies
* Law Enforcement - Local
* Network Administration
* Affected External Party
* Peer Security Officers
* System Administrator
* Dept. Management
* Organization's ISP
* Human Resources
* Risk Management
* Legal Department
* Save to Archives
* Software Vendor
* Privacy Officer
* Record Event
* Public Affairs
* IT support
* CERT/CC
* Auto-Log
* Media
* CIO
Event (alleged?)
* Precursors and Indications
  * Port Scanning: Single Workstation; Group of Workstations; Server(s); Entire Subnet/department
  * IDS indicates buffer overflow attempt against server(s)
  * Auditing configuration change on host
  * Web server crash
  * Filename with unusual characters
  * Multiple failed login attempts from unfamiliar remote system
  * Large number of bounced emails with suspicious content
  * Unusual deviation from typical network traffic flows
* Denial of Service: Single Workstation; Group of Workstations; Server(s); Entire Subnet/department; Campus-Wide
* Malicious Code (Virus, Worm, Trojan, etc.): Single Workstation; Group of Workstations; Entire Subnet/department; File Integrity degradation - Workstation; File Integrity degradation - Server
* Unauthorized Access
  * External: Hacker runs exploit tool to access server password file; Unauthorized user
  * Internal: Authorized user w/o need to know; Unauthorized user; Unauthorized user - ID/Password violation
* Inappropriate Usage: Workstation; Internet; Email
* Privacy: Privacy Breach; Publicized Privacy Breach
* Other (Please use space below for additional event types)
Definitions and examples from NIST 800-61 "Computer Security Incident Handling Guide"
http://csrc.nist.gov/publications/nistpubs/800-61/sp800-61.pdf
Definitions and Examples:
Event: any observable occurrence in a system or network.
Incident: a violation or imminent threat of violation of:
* computer security policies
* acceptable use policies
* standard security practices
Precursor: a sign that an incident may occur in the future.
Indication: a sign that an incident may have occurred or may be occurring.
Denial of Service: an attack that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources.
Examples:
1) An attacker sends specially crafted packets to a Web server, causing it to crash.
2) An attacker directs hundreds of external compromised workstations to send as many ICMP requests as possible to the organization's network.
Malicious Code: a virus, worm, Trojan horse, or other code-based malicious entity that infects a host.
Examples:
1) A worm uses open file shares to quickly infect several hundred workstations within an organization.
2) An organization receives a warning from an antivirus vendor that a new virus is spreading rapidly via e-mail throughout the Internet. The virus takes advantage of a vulnerability that is present in many of the organization's hosts. Based on previous antivirus incidents, the organization expects that the new virus will infect some of its hosts within the next three hours.
Unauthorized Access: a person gains logical or physical access without permission to a network, system, application, data, or other resource.
Examples:
1) An attacker runs an exploit tool to gain access to a server's password file.
2) A perpetrator obtains unauthorized administrator-level access to a system and then threatens the victim that the details of the break-in will be released to the press if the organization does not pay a designated sum of money.
Inappropriate Usage: a person violates acceptable computing use policies.
Examples:
1) A user provides illegal copies of software to others through peer-to-peer file sharing services.
2) A person threatens another person through e-mail.