IDS mailing list archives
Re: Intrusion Risk Assessment
From: Herve Debar <herve.debar () francetelecom com>
Date: Tue, 07 Jan 2003 14:01:19 +0100
Robert_Huber () bankone com wrote:
Anyone know of any IDS risk assessment matrixes out there? I'm looking for something like the following: Rating Severity 1 No Damage a. Not possible to exploit (or) b. No damage (or) c. Hoax2 Harassment a. Possible damage, unconfirmed (or)b. Temporarily shuts down services and/or temporarily prevents access to information 3 Minor Damage a. Short-term impact (or) b. Exploit allows access to view files (or) c. Minimal effort required to recover 4 Moderate Damage a. The exploit is easy to perform (or) b. Important systems can be effected with administrative compromise (or) c. Exploit allows full access to files (or) d. Long-term effects, significant effort may be required to recover 5 Heavy Damage a. The exploit is easy to perform (and) b. An exploit will cause severe damage to multiple computers (and/or) c. Requires reinstallation or recovery from backup
Have a look at the IDWG draft on the data model for IDS alerts (http://www.ietf.org/html.charters/idwg-charter.html), there is something similar for classifying alerts.
Hervé -- Hervé Debar <mailto:herve.debar () francetelecom com> Tel: +33 (0)2 31 75 92 61 GSM: +33 (0)6 74 09 09 66 France Télécom R&D Fax: +33 (0)2 31 75 93 13 42 rue des Coutures (--) BP 6243 (--) F-14066 Caen Cedex 4
Current thread:
- Intrusion Risk Assessment Robert_Huber (Jan 06)
- RE: Intrusion Risk Assessment Rob Shein (Jan 07)
- Re: Intrusion Risk Assessment Herve Debar (Jan 07)
- <Possible follow-ups>
- RE: Intrusion Risk Assessment Alan Shimel (Jan 07)
- Re: Intrusion Risk Assessment Fernando Cardoso (Jan 07)
- RE: Intrusion Risk Assessment Robert Buckley (Jan 07)
- FW: Intrusion Risk Assessment Peter Schwarz (Jan 07)
- re[2]: Intrusion Risk Assessment Richard Bennison (Jan 08)
- re[2]: Intrusion Risk Assessment Ron Gula (Jan 10)
- RE: VA/IDS Integration (Was: RE: re[2]: Intrusion Risk Assessment) David J. Meltzer (Jan 10)
- re[2]: Intrusion Risk Assessment Ron Gula (Jan 10)
- RE: Intrusion Risk Assessment Nicole Nicholson (Jan 08)
- RE: Intrusion Risk Assessment Fengmin Gong (Jan 21)