Information about the incidence of security breaches is difficult
to obtain. Emergency situations are not favorable to the
maintenance of records, the security breaches are embarrassing and
possibly damaging, and disclosing information about the incidents
may reveal some sensitive information. Moreover, the nature of the
incident and its cause are not always fully known. Because of this,
the frequency and cost of incidents are difficult to assess by type.
The IRDB project attempts to provide a framework to record incident
information and duration. Besides email and cost recording, it
provides a dynamic classification of incidents. In the IRDB,
incidents have a risk type and an attack type. The risk type
expresses the consequences of the attack (e.g., root access). The
attack type identifies kinds of attacks (e.g., SANS top ten). Each
type is itself classified by properties. With this system, we hope
that 1) organizations using the same type classification can
directly share data; 2) organizations not using the same type
classification can translate data based on the properties of the
types; 3) statistical data from many different organizations can be
assembled to present a coherent picture of incident costs and
frequencies on a national scale. By making the type classification
dynamic, it is hoped that the severity of future, currently unknown
types of attacks can be rapidly assessed.
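The classification mechanism described above (each incident carrying a risk type and an attack type, each type described by a set of properties, and property overlap used to translate one organization's types into another's before aggregating frequency and cost) can be illustrated with a small model. The following Python is an added example, not the IRDB project's own code or schema; the two organizations, their type vocabularies, the property labels, the Jaccard-overlap rule and threshold, and the sample incidents are all constructed for illustration.

```python
"""Constructed illustration of property-based incident classification.

Not the IRDB schema: type names, property labels and incidents are invented
here to show how two organizations with different type vocabularies can
share and aggregate data, and how a previously unknown type can be placed.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class IncidentType:
    """A risk type or attack type, characterized by a set of properties."""
    name: str
    properties: frozenset


@dataclass
class Incident:
    org: str
    risk: IncidentType      # consequence of the attack (e.g. admin access)
    attack: IncidentType    # kind of attack that caused it
    cost: float             # constructed currency units
    duration_hours: float


# Two hypothetical organizations with different names for similar risks.
ORG_A_RISK: Dict[str, IncidentType] = {
    "root access": IncidentType("root access",
                                frozenset({"privilege:admin", "host:compromised"})),
    "defacement": IncidentType("defacement",
                               frozenset({"integrity:loss", "service:web"})),
}
ORG_B_RISK: Dict[str, IncidentType] = {
    "full compromise": IncidentType("full compromise",
                                    frozenset({"privilege:admin", "host:compromised"})),
    "website altered": IncidentType("website altered",
                                    frozenset({"integrity:loss", "service:web"})),
}

# Attack types are modelled the same way; only two are needed for the sample.
ATTACK: Dict[str, IncidentType] = {
    "remote exploit": IncidentType("remote exploit", frozenset({"vector:network"})),
    "web app flaw": IncidentType("web app flaw", frozenset({"vector:http"})),
}


def translate(type_: IncidentType, target_scheme: Dict[str, IncidentType],
              threshold: float = 0.5) -> Optional[IncidentType]:
    """Map a type into another scheme by property overlap (Jaccard index).

    An identical property set scores 1.0; the best candidate is returned only
    if its score exceeds `threshold`, otherwise None (no confident match).
    """
    best, best_score = None, 0.0
    for candidate in target_scheme.values():
        union = type_.properties | candidate.properties
        inter = type_.properties & candidate.properties
        score = len(inter) / len(union) if union else 0.0
        if score > best_score:
            best, best_score = candidate, score
    return best if best_score > threshold else None


def aggregate(incidents: List[Incident],
              scheme: Dict[str, IncidentType]) -> Dict[str, dict]:
    """Translate every incident's risk type into `scheme`, then sum frequency,
    cost and duration per canonical type. Untranslatable types are grouped
    under 'unclassified' rather than dropped, so the gap stays visible."""
    stats = defaultdict(lambda: {"count": 0, "cost": 0.0, "duration_hours": 0.0})
    for inc in incidents:
        canon = translate(inc.risk, scheme)
        key = canon.name if canon else "unclassified"
        stats[key]["count"] += 1
        stats[key]["cost"] += inc.cost
        stats[key]["duration_hours"] += inc.duration_hours
    return dict(stats)


# A new type neither organization has defined yet; its properties alone let it
# be placed next to the closest known risk (2 of 3 properties shared).
NEW_RISK = IncidentType("mass host takeover",
                        frozenset({"privilege:admin", "host:compromised",
                                   "spread:automatic"}))

# Constructed sample incidents from both organizations.
SAMPLE_INCIDENTS: List[Incident] = [
    Incident("A", ORG_A_RISK["root access"], ATTACK["remote exploit"], 12000.0, 40.0),
    Incident("A", ORG_A_RISK["defacement"], ATTACK["web app flaw"], 800.0, 6.0),
    Incident("B", ORG_B_RISK["full compromise"], ATTACK["remote exploit"], 9500.0, 30.0),
    Incident("B", ORG_B_RISK["website altered"], ATTACK["web app flaw"], 1200.0, 4.0),
    Incident("B", NEW_RISK, ATTACK["remote exploit"], 3000.0, 12.0),
]


if __name__ == "__main__":
    for name, s in aggregate(SAMPLE_INCIDENTS, ORG_A_RISK).items():
        print(f"{name:12s} count={s['count']} cost={s['cost']:.0f} "
              f"hours={s['duration_hours']:.0f}")
```

Run as a script, the example reports organization B's "full compromise" and the new "mass host takeover" under organization A's "root access" and its "website altered" under "defacement", giving per-type totals across both organizations without either having to adopt the other's names. The threshold is deliberately strict: a type whose properties overlap nothing in the target scheme lands in "unclassified", which is the signal that the shared property vocabulary needs extending rather than a reason to silently merge dissimilar incidents.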