Re: Intrusion Risk Assessment

From: Fernando Cardoso (
Date: 01/07/03

  • Next message: Greg van der Gaast: "RE: IDS Common Criteria"
    From: "Fernando Cardoso" <>
    To: <>
    Date: Wed, 08 Jan 2003 09:58:19 +2400

    Something that might help you is Common Criteria's "Characterisation of
    Attack Potential" draft. Check it out in


    > Anyone know of any IDS risk assessment matrixes out there? I'm
    > looking for something like the following:
    > Rating Severity
    > 1 No Damage a. Not possible to exploit (or)
    > b. No damage (or)
    > c. Hoax
    > 2 Harassment a. Possible damage, unconfirmed (or)
    > b. Temporarily shuts down services and/or
    > temporarily prevents access to information
    > 3 Minor Damage a. Short-term impact (or)
    > b. Exploit allows access to view files (or)
    > c. Minimal effort required to recover
    > 4 Moderate Damage a. The exploit is easy to perform (or)
    > b. Important systems can be effected with
    > administrative compromise (or)
    > c. Exploit allows full access to files (or)
    > d. Long-term effects, significant effort
    > may be required to recover
    > 5 Heavy Damage a. The exploit is easy to perform (and)
    > b. An exploit will cause severe damage to
    > multiple computers (and/or)
    > c. Requires reinstallation or recovery
    > from backup
    > Robert Huber
    > Bank One Information Security
    > Phone: 302-282-2234
    > Pager: 888-646-3502
    > **********************************************************************
    > This transmission may contain information that is privileged,
    > confidential and/or exempt from disclosure under applicable law. If
    > you are not the intended recipient, you are hereby notified that
    > any disclosure, copying, distribution, or use of the information
    > contained herein (including any reliance thereon) is STRICTLY
    > PROHIBITED. If you received this transmission in error, please
    > immediately contact the sender and destroy the material in its
    > entirety, whether in electronic or hard copy format. Thank you
    > **********************************************************************

    WhatEverNet Computing, S.A.
    Praça de Alvalade, n.º 6 - 6.º piso Tel: +351 217994200
    1700-036 Lisboa, PORTUGAL Fax: +351 217994242
                          INTERNET MAIL FOOTER
    A presente mensagem pode conter informação considerada confidencial.
    Se o receptor desta mensagem não for o destinatário indicado, fica
    expressamente proibido de copiar ou endereçar a mensagem a terceiros.
    Em tal situação, o receptor deverá destruir a presente mensagem e por
    gentileza informar o emissor de tal facto.
    Privileged or confidential information may be contained in this
    message. If you are not the addressee indicated in this message, you
    may not copy or deliver this message to anyone. In such case, you
    should destroy this message and kindly notify the sender by reply