Educause Security Discussion mailing list archives
Re: Software for Tracking Security Incidents
From: James Moore <jhmiso () RIT EDU>
Date: Thu, 29 Mar 2007 10:03:00 -0400
CIRDB is dead, long live the CIRDB. I went to look up the web reference, and found that the CIRDB is not being maintained (https://cirdb.cerias.purdue.edu/). I will check to see if this could be transitioned to open source or Creative Commons licensing, to see if it is possible to integrate the IP with other systems. What would probably be the most difficult are the security and architecture of the queues and queue navigation. Most of the other features really have to do with schema and methods. There is a lot of good thought that went into the schema (what data do you collect, what data do you need in different types of incidents), how it is presented, what are the views (handler, trend analysis, management reporting, security research). The templating methods were also first rate.

All in all, my hat is off to Pascal Meunier for a great product that may have been ahead of its time.

Jim

-----Original Message-----
From: Kevin Dover [mailto:kdover () brocku ca]
Sent: Wednesday, March 28, 2007 6:46 PM
To: James Moore
Subject: Re: [SECURITY] Software for Tracking Security Incidents

Jim

Is this application available for use by other universities, and if it is, how is it acquired?

Thanks
Kevin
Brock University

-----Original Message-----
From: James Moore <jhmiso () RIT EDU>
Date: Wed, 28 Mar 2007 17:21:07
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Software for Tracking Security Incidents

Purdue developed a product called the CERIAS incident response database. RIT provided some design review and debugging support. We ran out of funds and manpower to create a user-friendly system administrator's manual.

It had a lot of great features:
- a hierarchy-based system for the protection of the confidentiality of incident information
- the ability to skip certain types of identity information to provide trend analysis / statistics
- templating systems for common incident types
- templating system for computer registration, including capability to describe defenses and types of data
- robust contact information capability
- ability for students to record compromises that they had experienced

jim

-----Original Message-----
From: Matthew Keller [mailto:kellermg () POTSDAM EDU]
Sent: Wednesday, March 28, 2007 5:12 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Software for Tracking Security Incidents

RTIR
http://bestpractical.com/rtir/

While not a commercial product, Best Practical will take your money for support if you have too much of it.

On Wed, 2007-03-28 at 13:17 -0400, Brenda B Gombosky wrote:
> What is everyone using to track their incidents? Does anyone know of a commercial product?

--
Matthew Keller
Information Security Officer/Network Administrator
Computing & Technology Services
State University of New York @ Potsdam
Potsdam, NY, USA
http://mattwork.potsdam.edu/