Incidents happen in all sectors and industries. Incident detection
precursors indicate that an incident may occur in the future. This
information is based on vendor advisories, security blogs, threat
intelligence sources, or detections of attacker actions, all of which are
publicly available. Incident indicators give information that an incident
may have already occurred or is currently happening. Together they
identify incidents before, during and after they have occurred. Even
though, as security professionals, we try to manage risk effectively,
incidents will always occur.
For those working in the government sector, NIST SP 800-61, published by
the National Institute of Standards and Technology, provides guidance for
organizations to handle security incidents. The incident response process
contains preparation, detection and analysis, containment, eradication,
recovery and post-incident activity.
The different sources for identifying incidents are security alerts, logs,
and the publicly available information presented above.
In the SAP world, CVSS (Common Vulnerability Scoring System) values
are used during vulnerability scans to present the severity values that
dictate the urgency to implement patches to mitigate the
vulnerabilities. This information is an incident detection
precursor. When a vulnerability scan is run and a finding is
uncovered, this is an indicator that the vulnerability is there.
Abraham, R. J. (2016, April 12). Introduction to CVSS. How SAP uses
it? SAP Blogs. Retrieved March 2, 2022,
