Pascal Meunier - CERIAS

Pascal Meunier

Aug 30, 2000

Size: 210.3MB

Download: Video Icon MP4 Video  
Watch in your Browser   Watch on Youtube Watch on YouTube

"The IRDB Project: An Incident Response Database For Gathering Cost And Incidence Information On Types of Security Events"

Abstract

Information about the incidence of security breaches is difficult to obtain. Emergency situations are not favorable to the maintenance of records, the security breaches are embarrassing and possibly damaging, and disclosing information about the incidents may reveal some sensitive information. Moreover, the nature of the incident and its cause are not always fully known. Because of this, the frequency and cost is difficult to assess by type of incident.

The IRDB project attempts to provide a framework to record incident information and duration. Besides email and cost recording, it provides a dynamic classification of incidents. In the IRDB, incidents have a risk type and an attack type. The risk type expresses the consequences of the attack (e.g., root access). The attack type identifies kinds of attacks (e.g., SANS top ten). Each type is itself classified by properties. With this system, we hope that 1) organizations using the same type classification can directly share data; 2) organizations not using the same type classification can translate data based on the properties of the types; 3) statistical data from many different organizations can be assembled to present a coherent picture of incident costs and frequencies on a national scale. By making the type classification dynamic, it is hoped that the severity of future, currently unknown types of attacks can be rapidly assessed.

About the Speaker

Pascal began managing the Vulnerabilities Database and Incident Response Database projects as a graduate student. He joined CERIAS in a research scientist capacity in May of this year. Pascal graduated from Purdue with a M.Sc. in computer sciences, which he added to his previous Ph.D. in Biophysics from the University of Qu

Unless otherwise noted, the security seminar is held on Wednesdays at 4:30P.M. STEW G52 (Suite 050B), West Lafayette Campus. More information...

Coming Up!

Our annual security symposium will take place on April 7 & 8, 2020.
Purdue University, West Lafayette, IN

More Information