Based on Type of Attack:
- Malware : Malicious code has been successfully introduced into business infrastructure
- Unauthorized access (user/admin/other privilege escalations) : Any privilege escalation or access gained that should otherwise be denied to the subject
- Phishing or Social Engineering tactics : Abuse, mostly of employees or other staff, that exploits human behaviour through social engineering tactics, phishing mails etc.
- Resource mis-configuration : Any resource not securely configured as per policies with appropriate measures
- Data breach : A super critical scenario, where sensitive data has been leaked.
- APT (Advanced Persistent Threat) : A targeted attack in which various techniques may be used to breach the security infrastructure
- Resource abuse or DoS/DDoS : Denial of business services due to excess traffic, once again a targeted attack
- False alarms : These are the false positives that most solutions produce from time to time. As it is not actually an incident, it should be classified separately
- Internal Exercises or Red Team Activity : Internal exercises by the CIRT (Computer Incident Response Team) to test the security infrastructure. Red Team attacks are carried out by a group of white-hat hackers who test your business security.
- Others : Some further classification may be done based on other common security issues faced by the business. In general, the various other attacks can be classified into this.
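The following triage routine is an added example, not code from the original page or from any of the linked sources. It assigns each alert one category from the taxonomy above, keeps false alarms and red-team exercises out of the incident queue by checking them first, and escalates a host that accumulates several distinct attack techniques to APT (the "various techniques" case in the list). The alert fields, tactic tag names, severity values, the red-team host list, the exercise window and all sample alerts are constructed for the example.

```python
"""Incident triage against the attack-type taxonomy above (example code).
Alert fields, tag names, severities, allowlists and sample data are constructed."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from enum import Enum


class IncidentType(Enum):
    MALWARE = "Malware"
    UNAUTHORIZED_ACCESS = "Unauthorized access"
    PHISHING = "Phishing or Social Engineering"
    MISCONFIGURATION = "Resource mis-configuration"
    DATA_BREACH = "Data breach"
    APT = "APT"
    DOS = "Resource abuse or DoS/DDoS"
    FALSE_ALARM = "False alarm"
    EXERCISE = "Internal exercise / Red Team"
    OTHER = "Other"


# Queue priority per category (higher is handled first); assumed values.
SEVERITY = {
    IncidentType.DATA_BREACH: 5, IncidentType.APT: 5,
    IncidentType.MALWARE: 4, IncidentType.UNAUTHORIZED_ACCESS: 4,
    IncidentType.DOS: 3, IncidentType.PHISHING: 3,
    IncidentType.MISCONFIGURATION: 2, IncidentType.OTHER: 1,
    IncidentType.FALSE_ALARM: 0, IncidentType.EXERCISE: 0,
}

# Tactic tags a detection engine might attach to an alert (assumed names) -> category.
TAG_TO_TYPE = {
    "malware": IncidentType.MALWARE, "privesc": IncidentType.UNAUTHORIZED_ACCESS,
    "phishing": IncidentType.PHISHING, "misconfig": IncidentType.MISCONFIGURATION,
    "exfil": IncidentType.DATA_BREACH, "flood": IncidentType.DOS,
}

# A host showing this many distinct attack categories is escalated to APT (assumed threshold).
APT_DISTINCT_TECHNIQUES = 3


@dataclass(frozen=True)
class Alert:
    alert_id: str
    host: str
    signature: str      # detection rule name
    tags: frozenset     # tactic tags emitted by the detection engine
    when: datetime


@dataclass
class Triage:
    alert: Alert
    category: IncidentType
    severity: int
    is_incident: bool   # False for false alarms and exercises
    reason: str


def classify_one(alert, red_team_hosts, exercise_window, known_fp_signatures):
    """Non-incident checks run first so an exercise or a known false positive never
    lands in the incident queue; then the highest-impact tagged category wins."""
    start, end = exercise_window
    if alert.host in red_team_hosts and start <= alert.when <= end:
        return Triage(alert, IncidentType.EXERCISE, 0, False, "red-team host inside exercise window")
    if alert.signature in known_fp_signatures:
        return Triage(alert, IncidentType.FALSE_ALARM, 0, False, "signature on false-positive list")
    matched = [TAG_TO_TYPE[t] for t in alert.tags if t in TAG_TO_TYPE]
    if not matched:
        return Triage(alert, IncidentType.OTHER, SEVERITY[IncidentType.OTHER], True, "no known tactic tag")
    category = max(matched, key=lambda c: SEVERITY[c])
    return Triage(alert, category, SEVERITY[category], True, f"tagged as {category.value}")


def triage(alerts, red_team_hosts=frozenset(), exercise_window=(datetime.min, datetime.min),
           known_fp_signatures=frozenset()):
    """Classify every alert, escalate hosts whose real incidents span several
    categories to APT, and return the queue sorted by severity (highest first)."""
    results = [classify_one(a, red_team_hosts, exercise_window, known_fp_signatures) for a in alerts]
    techniques_per_host = defaultdict(set)
    for r in results:
        if r.is_incident and r.category is not IncidentType.OTHER:
            techniques_per_host[r.alert.host].add(r.category)
    for r in results:
        n = len(techniques_per_host[r.alert.host])
        if r.is_incident and n >= APT_DISTINCT_TECHNIQUES:
            r.category, r.severity = IncidentType.APT, SEVERITY[IncidentType.APT]
            r.reason = f"{n} distinct techniques on host {r.alert.host}"
    return sorted(results, key=lambda r: r.severity, reverse=True)


# Constructed sample data: one host hit by three techniques, one known false positive,
# one red-team box during its exercise window, one traffic flood.
T0 = datetime(2024, 1, 10, 9, 0)
EXERCISE_WINDOW = (datetime(2024, 1, 10, 8, 0), datetime(2024, 1, 10, 10, 0))
RED_TEAM_HOSTS = frozenset({"rt-box"})
KNOWN_FP_SIGNATURES = frozenset({"legacy_backup_agent_scan"})
SAMPLE_ALERTS = [
    Alert("a1", "ws-17", "macro_dropper_exec", frozenset({"malware"}), T0),
    Alert("a2", "ws-17", "local_admin_added", frozenset({"privesc"}), T0),
    Alert("a3", "ws-17", "large_upload_unknown_host", frozenset({"exfil"}), T0),
    Alert("a4", "ws-03", "legacy_backup_agent_scan", frozenset({"malware"}), T0),
    Alert("a5", "rt-box", "privilege_escalation_sim", frozenset({"privesc"}), T0),
    Alert("a6", "web-01", "syn_rate_spike", frozenset({"flood"}), T0),
]


def run_sample():
    return triage(SAMPLE_ALERTS, RED_TEAM_HOSTS, EXERCISE_WINDOW, KNOWN_FP_SIGNATURES)


if __name__ == "__main__":
    for r in run_sample():
        print(r.alert.alert_id, r.category.value, r.severity, r.is_incident, r.reason)
```

Rule order is the design point: the non-incident checks sit before any attack-category matching, which is what the "False alarms" and "Internal Exercises" entries above ask for, and the APT escalation runs only over alerts that survived those checks, so a red-team host never gets promoted to APT during its window. Remove the window and the same red-team host is treated as a real unauthorized-access incident.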
Based on Type of Activities:
- Forensics : Preservation of evidence and tracking incident origin
- Local IR
http://www.sans.org/reading-room/whitepapers/incident/incident-response-fight-35342
http://www.bu.edu/tech/services/security/services/incidents/reporting/types/