![]() The criticality matrix defines the minimal customer response time and ongoing communication requirements for a case. * - Sensitivity will vary depending on circumstances. Unauthorized escalation of privileges or deliberate attempt to subvert access controls.Inappropriate use of corporate asset such as computer, network, or application.Deliberate violation of Infosec policy.Sharing offensive material, sharing/possession of copyright material.Security consulting unrelated to any confirmed incident.Spoofed email, SPAM, and other email security-related events.This does not include compromised hosts that are being actively controlled by an attacker via a backdoor or Trojan. A virus or worm typically affecting multiple corporate devices.Reconnaissance or Suspicious Activity originating from outside the Company corporate network (partner network, Internet), excluding malware.Reconnaissance or Suspicious activity originating from inside the Company corporate network, excluding malware.Computer-related incidents of a criminal nature, likely involving law enforcement, Global Investigations, or Loss Prevention. Theft / Fraud / Human Safety / Child Porn.This includes malware-infected hosts where an attacker is actively controlling the host. Compromised host (root account, Trojan, rootkit), network device, application, user account.Attempted or successful destruction, corruption, or disclosure of sensitive corporate information or Intellectual Property.In addition, the classifications will provide CSIRT IMs with proper case handling procedures and will form the basis of SLAs between the CSIRT and other Company departments.Īll incidents managed by the CSIRT should be classified into one of the categories listed in the table below. Consistent case classification is required for the CSIRT to provide accurate reporting to management on a regular basis. ![]() This information will be entered into the Incident Tracking System (ITS) when a case is created. This document provides the guidelines needed for CSIRT Incident Managers (IM) to classify the case category, criticality level, and sensitivity level for each CSIRT case. It is critical that the CSIRT provide consistent and timely response to the customer, and that sensitive information is handled appropriately. CSIRT Case Classification (Example for Enterprise CSIRT)
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |