Threat Level Definition
High The threat poses a significant risk to Lazarus Alliance resources or to outside computer systems and requires immediate action.

Impact Analysis Guidelines

  • The immediate threat to life or property
  • Lazarus Alliance systems involved in Internet attacks against third-party computer systems/infrastructure
  • Vulnerabilities that require immediate action and response
  • Unauthorized access to sensitive Lazarus Alliance information
  • Multiple Stores or DCs involved
  • Impacts devices accessible from the Internet
  • Violates any law

Examples include, but are not limited to:

  • A compromised Lazarus Alliance computer was involved in a DoS attack against systems
  • Compromised DNS server
  • Bypassing firewall access control lists
  • Discovery of child pornography on, or access to it by, Lazarus Alliance systems
  • Root or system administrator account compromised
  • Malicious code (e.g., worms, viruses) outbreak affecting > 20 machines in a local area network
  • An unexplained admin account
Medium The threat impacts Lazarus Alliance computer resources and requires attention as soon as possible. Response to a medium threat level would not require action after normal business hours but is important enough that a response should be made a priority in the normal course of operations.

Impact Analysis Guidelines

  • Involves a business-essential system
  • Unsuccessful DoS attempts
  • Widespread, unsuccessful intrusion attempts
  • Non-admin user account compromises
  • Violations of Lazarus Alliance Policies

Examples include, but are not limited to:

  • Unsuccessful network attacks that could result in DoS
  • Exchanging or viewing adult pornography (not child pornography)
  • Presence of cracking tools on any network-connected device
  • Single infection of a Lazarus Alliance workstation
Low Does not immediately impact Lazarus Alliance computer resources but may warrant some research and possible action. Unsuccessful threats in this category are generally considered “events” and are not reportable.

Impact Analysis Guidelines

  • Network recon attempts
  • Involves computer systems classified as “all other systems”
  • Unsuccessful intrusion attempts
  • “Social Engineering” attempts
  • Hoaxes
  • Unexplained system behavior

Examples include, but are not limited to:

  • Unsuccessful network attacks that could result in DoS
  • Network port scans
  • Phone calls asking for user names and passwords
  • Unexplained/unexpected gaps in system logs