Difference between revisions of "Incident response to the existence of malicious files in the mirror network"

Latest revision as of 03:03, 11 December 2009

Level of Incident

Range

1. A single mirror server has been affected.
2. A few mirror servers have been affected, or are being affected.
3. Several mirror servers have been affected, or are being affected.
4. A Tier-1 server has been affected.
5. The master server has been affected.

Trend

1. Threats are going to cease.
2. Threats are stable, or nearly stable.
3. Threats are going to rise.

Priority

1. Low - the number of victims is stable, or slowly increasing.
2. Middle - the number of victims is increasing.
3. High - the number of victims is rapidly increasing.

Severity

1. A questioned file is missing or broken and does not work at all.
2. A questioned file works but does not severely damage affected users.
3. A questioned file works and severely damage affected users.

Sensitivity

1. A questioned file is rarely downloaded. e.g. OpenOffice.org 1.1.x, dictionary files
2. A questioned file is sometimes downloaded. e.g. OpenOffice.org 2.4.3
3. A questioned file is frequently downloaded. e.g. The latest version (3.x) of OpenOffice.org