2 cissp ® Official Study Guide Eighth Edition



Date: 08.04.2023
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Defining an Incident
Before digging into incident response, it's important to understand the definition of an incident. Although that may seem simple, you'll find that there are different definitions depending on the context.

An incident is any event that has a negative effect on the confidentiality, integrity, or availability of an organization's assets. Information Technology Infrastructure Library version 3 (ITILv3) defines an incident as "an unplanned interruption to an IT Service or a reduction in the quality of an IT Service." Notice that these definitions encompass events as diverse as direct attacks, natural occurrences such as a hurricane or earthquake, and even accidents, such as someone accidentally cutting cables for a live network.

In contrast, a computer security incident (sometimes called just security incident) commonly refers to an incident that is the result of an attack, or the result of malicious or intentional actions on the part of users. For example, Request for Comments (RFC) 2350, "Expectations for Computer Security Incident Response," defines both a security incident and a computer security incident as "any adverse event which compromises some aspect of computer or network security." National Institute of Standards and Technology (NIST) Special Publication (SP) 800-61, "Computer Security Incident Handling Guide," defines a computer security incident as "a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices." (NIST documents, including SP 800-61, can be accessed from the NIST publications page: https://csrc.nist.gov/Publications.)

In the context of incident response, an incident refers to a computer security incident. However, you'll often see it listed as just incident. For example, within the CISSP Security Operations domain, the "Conduct incident management" objective is clearly referring to computer security incidents.

In this chapter, any reference to an incident refers to a computer security incident. Organizations handle some incidents, such as weather events or natural disasters, using other methods, such as a business continuity plan (covered in Chapter 3, "Business Continuity Planning") or a disaster recovery plan (covered in Chapter 18, "Disaster Recovery Planning").

Organizations commonly define the meaning of a computer security incident within their security policy or incident response plans. The definition is usually one or two sentences long and includes examples of common events that the organization classifies as security incidents, such as the following:

Any attempted network intrusion 

Any attempted denial-of-service attack 

Any detection of malicious software 

Any unauthorized access of data 

Any violation of security policies
