Impact Analysis Guidelines

• The immediate threat to life or property
• Lazarus Alliance systems involved in Internet attacks against third-party computer systems/infrastructure
• Vulnerabilities that require immediate action and response
• Unauthorized access to sensitive Lazarus Alliance information
• Multiple Stores or DCs involved
• Impacts devices accessible from the Internet
• Violates any law

Examples include, but are not limited to:

• A compromised Lazarus Alliance computer was involved in a DoS attack against systems
• Compromised DNS server
• Bypassing firewall access control lists
• Discovering child pornography on, or access by, Lazarus Alliance systems
• Root or system administrator account compromised
• Malicious code (e.g., worms, viruses) outbreak affecting > 20 machines in a local area network
• An unexplained admin account

Impact Analysis Guidelines

• Involves a business-essential system
• Unsuccessful DoS attempts
• Wide-spread, unsuccessful intrusion attempts
• Non-admin user account compromises
• Violations of Lazarus Alliance Policies

Examples include, but are not limited to:

• Unsuccessful network attacks that could result in DoS
• Exchanging or viewing adult pornography (not child pornography)
• Presence of cracking tools on any network-connected device
• Single infection of a Lazarus Alliance workstation

Impact Analysis Guidelines

• Network recon attempts
• Involves computer systems classified as “all other systems”
• Unsuccessful intrusion attempts
• “Social Engineering” attempts
• Hoaxes
• Unexplained system behavior

Examples include, but are not limited to:

• Unsuccessful network attacks that could result in DoS
• Network port scans
• Phone calls asking for user names and passwords
• Unexplained/unexpected gaps in system logs