The IRDB Project: An Incident Response Database For Gathering Cost And Incidence Information On Types of Security Events

Aug 30, 2000

Download: MP4 Video Size: 210.3MB  
Watch on YouTube

Abstract

Information about the incidence of security breaches is difficult to obtain. Emergency situations are not favorable to the maintenance of records, the security breaches are embarrassing and possibly damaging, and disclosing information about the incidents may reveal some sensitive information. Moreover, the nature of the incident and its cause are not always fully known. Because of this, the frequency and cost is difficult to assess by type of incident.

The IRDB project attempts to provide a framework to record incident information and duration. Besides email and cost recording, it provides a dynamic classification of incidents. In the IRDB, incidents have a risk type and an attack type. The risk type expresses the consequences of the attack (e.g., root access). The attack type identifies kinds of attacks (e.g., SANS top ten). Each type is itself classified by properties. With this system, we hope that 1) organizations using the same type classification can directly share data; 2) organizations not using the same type classification can translate data based on the properties of the types; 3) statistical data from many different organizations can be assembled to present a coherent picture of incident costs and frequencies on a national scale. By making the type classification dynamic, it is hoped that the severity of future, currently unknown types of attacks can be rapidly assessed.