Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Day 11 - Identification: Other Methods of Identifying an Incident

Published: 2008-10-11
Last Updated: 2008-10-14 15:00:31 UTC
by Stephen Hall (Version: 1)
0 comment(s)

Well, today is Day 11 of the Cyber Security Awareness Month and the last day of Identification.

We have covered in the last few days the more common methods of deciding that an event is actually an incident, including:

  • Events versus Incidents
  • Network-based Intrusion Detection Systems
  • Host-based Intrusion Detection Systems
  • Global Incident Awareness
  • Log and Audit Analysis
  • Using Your Help Desk to Identify Security Incidents

But today, we're interesting in hearing your stories from the field on unusual, interesting, and even funny stories of how you made the decision point of moving from event to incident. Drop us a note via the contact form, and we'll update the diary as we go along

Keywords: Awareness2008
0 comment(s)
Diary Archives