RE: What defines an "incident"? - Part 2

Henceforth, such that an "event" is either: (1) an un-acknowledged "attack", or (2) is an "attack" that has not been proven as an "attack".

OK...makes sense regarding "incident" because it correlates to a place and time. Is the correlation between a place and time required? If so, what constitutes the correlation factors?


----- Original Message -----
From: Craig Wright [mailto:cwright@xxxxxxxxxxxxx]
To: Craig Wright [mailto:cwright@xxxxxxxxxxxxx], security-basics@xxxxxxxxxxxxxxxxx
Cc: Bob Radvanovsky [mailto:rsradvan@xxxxxxxxxxxxx]
Subject: RE: What defines an "incident"? - Part 2

Hi again,

CERT/CC held a number of workshops in 1997/1998 with representatives
from the DoD, NIST, Sandia etc. One of the Results from this was a
preliminary taxonomy for computer security terms.

From this an event was to defined to involve one Action and one target..

To "steal" a quote without fully referencing it this time (hay I have to
leave something for everyone else to look up...)

Event - An action directed at a target that is intended to result in a
change of state, or status, of the target.

A Process would thus include actions to probe, scan, authenticate,
bypass or flood a running computer process or execution thread.

Incident - A group of attacks that can be distinguished from other
attacks because of the attackers, attacks, objectives, sites, and

Etc and I can go on or read the following:
Radatz, John, ed. (1996) "The IEEE Standard Dictionary of Electrical and
Electronic Terms", 6th ed. (NY: Institute of Electrical and electronic
Engineers), p 1087.

Howard, John D (April 1997) "An Analysis of Security Incidents on the
Internet, 1989-1995, PhD dissertation", Pittsburgh, PA: Dept. of
Engineering and Public Policy, Carnegie Mellon University (see also

So from this we have;
People attack computers
People attack for a variety of objectives (what they intend to


Liability limited by a scheme approved under Professional Standards
Legislation in respect of matters arising within those States and
Territories of Australia where such legislation exists.

The information contained in this email and any attachments is confidential.
If you are not the intended recipient, you must not use or disclose the
information. If you have received this email in error, please inform us
promptly by reply email or by telephoning +61 2 9286 5555. Please delete the
email and destroy any printed copy.

Any views expressed in this message are those of the individual sender. You
may not rely on this message as advice unless it has been electronically
signed by a Partner of BDO or it is subsequently confirmed by letter or fax
signed by a Partner of BDO.

BDO accepts no liability for any damage caused by this email or its
attachments due to viruses, interference, interception, corruption or
unauthorised access.

The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

Relevant Pages

  • RE: What defines an "incident"? - Part 2
    ... <Is the correlation between a place and time required? ... Subject: What defines an "incident"? ... Incident - A group of attacks that can be distinguished from other ... confirmed by letter or fax signed by a Partner of BDO. ...
  • Re: Videotaped "Knockout Game" Attack On Elderly Woman
    ... My point was, of course, that you may have found a correlation, but correlations are a dime a dozen. ... frequency that knockout attacks occur, what is the ratio of black on ... One reason you are inclined to do that is because only Big Government can solve these enormous problems, ...
  • Thank God I dont belong to Glasgow.
    ... Officers have been treating that incident and attacks on other male ... He suffered multiple stab wounds and Strathclyde Police said staff at ...
  • Re: OT Obama opts out of public campaign finance system
    ... There were more attacks planned. ... We went into Iraq in '03. ... There's your correlation. ... if his lawn was a mess and the town ...
  • Re: Why?
    ... police state. ... locale to the USA and Canada. ... One incident and they invade two countries ... were really *two* incidents in close succession: the al Q attacks on ...