Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint

Scope

After an incident has been detected, it is important to promptly determine its scope in order to understand the extent of possible compromise to affected data, help in determining the intervention actions, and assign an appropriate priority. Scope considerations include:

  • The internal or external origination or entry point of the incident and the extent of penetration.

  • The location of the affected data within the security perimeter.

  • The extent of compromise for a particular system or database.

  • The level of access and privileges that the unauthorized party gained.

  • The number of simultaneous or closely related incidents.

  • The number of attack avenues being used.

  • The number of hosts or databases that were compromised.

  • The amount, sensitivity, and protection of data compromised.

  • The number of parties affected.

  • The number of people who know about the incident.

  • The extent of the exploited vulnerability and its presence in other systems or databases.

  • The potential damage of the incident.


  

You are currently reading a PREVIEW of this book.

                                                                                                                    

Get instant access to over $1 million worth of books and videos.

  

Start a Free Trial


  
  • Safari Books Online
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint