The Incident Response Team and Information Services and Technology categorizes security incidents into a variety of categories and prioritizes each according to the severity of the incident.Â A rough overview of the types of incidents and how priority is assigned is documented here.
Types of Incidents
We routinely respond to incidents that can be categorized into one ofÂ five major types:
- Compromised Computing Resources, which includes:
- System (OS) account compromises
- User account compromises
- Email based abuse, such as:
- Unsolicited Commercial Email (UCE), more commonly known as “spam”
- Phishing Emails, which seek to have the recipient respond with either user credentials or personal information.
- Copyright Infringement Reports
- Network and Resource Abuses, including:
- Network scanning activity
- Denial of Service attacks
- Resource misconfiguration and abuses, like:
- Open proxy servers and anonymous ftp servers
- Vulnerable software configurations that may result in a future compromise.
- Abuse via web forms and blog sites
- Misuse of licensed resources
- Other impolite behaviors that violate our Policy on Computing Ethics.
Severity of Incident
Incidents are triaged according to the severity of the incident.Â Some factors that contribute to severity are:
- Safety concerns for people and buildings
- Loss or exposure of personal or institutional data
- Violation of laws and contracts
- Interruption of service to a community
- The size of the affected community