Message from discussion Security Incidents

Date: Sun, 18 Apr 2010 20:18:45 +0800
Subject: Re: [ISO 27001 security] Re: Security Incidents
From: Marappan Ramiah <ram.marap...@gmail.com>
To: iso27001security@googlegroups.com

Hi all,
Please note the following:

   - when one does vulnerability scanning and finds the patch for a certain
   vulnerability was not installed for a particular server, what is the follow-up
   action - raise an incident ticket or change request?
   - you raise a change request and you do the patching (corrective action)
   and governance/SLA issue on why the patch was not installed on all servers?
   This may lead to a problem ticket to find out the root cause for failure
   in patching and propose preventive actions

Best Regards
Ram

On Fri, Apr 16, 2010 at 1:32 PM, tysyd <tysyd2...@gmail.com> wrote:

> There are a number of research proposals out there (can't remember off
> the top of my head) that distinguish between an incident and event.
> For example, event is defined as some Action that is directed at some
> Target with the intended result of change of State (Status). The
> Action does not have to succeed, and the State does not have to be
> changed for the occurrence to be considered as an Event, however this
> definition of Event is correct as long as some Action was directed at
> some Target. Incident on the other hand is a bit more complicated to
> define and has more components: Attacker -> Tool -> Vulnerability ->
> Target -> Unauthorised result. For our Organisation I have basically
> defined an Incident as any occurrence of an event where Risk was
> assumed or policy was breached, and in order to make this useful you
> should use CIA and further classification of Incidents such as low /
> medium / high. As to your specific question, I wouldn't consider a
> Vulnerability as an incident since whilst risk is there it wasn't
> assumed. Vulnerability should be mitigated via Vulnerability
> Management process.
>
> On Mar 9, 9:55 am, marck ernest <marck.ern...@gmail.com> wrote:
> > As we are reviewing control regarding information security incident
> > management, I wonder if scope of this control reaches information
> > security vulnerability reporting.
> > Misinterpretation of security incident as a concept may lead to
> > believe that a security incident only encompasses those events that
> > already broke into information security and not those which have the
> > potential to represent threat.
> > Given that, how would a vulnerability in a server be reported if found
> > by a sysadmin? Should the vulnerability be considered an incident
> > even if not exploited? And if so, should it be reported as a security
> > incident or be treated as technical vulnerability (control 12.6)?
> >
> > Thanks
>
> --
> You received this message because you are subscribed to the Google Groups
> "ISO 27001 security" group.
> To post to this group, send email to iso27001security@googlegroups.com
> To unsubscribe from this group, send email to
> iso27001security-unsubscribe@googlegroups.com
> For more information, visit www.iso27001security.com
>
>  Subscription settings:
> http://groups.google.com/group/iso27001security/subscribe?hl=en
>
