[Dshield] Back to InfoCon Green

Johannes B. Ullrich jullrich at sans.org
Tue Aug 16 15:14:06 GMT 2005

becketsj at songs.sce.com wrote:
> Are there written criteria for when to move the infocon level or is this
> simply a judgement call?  If the criteria are written, are they somewhere
> that I might read them so as to better understand what levels indicate
> what?  If it is someone's judgement, who might that be and is there any
> chain of succession if such person is off on vacation or out ill?

You can find our criteria here: http://isc.sans.org/infocon.php

The decision is made as a consensus among available handlers, with the
handler of the day having the final authority to change the infocon.

Overall, the infocon is more an indicator of change then an indicator of
a particular condition. It tends to stay 'green' as long as just the
usual exploits run around the net, but we do tend to move to yellow if
there is a substantion new threat, in paritcular if there is some
specific action people should take.

> I have a solid understanding of how this particular situation progressed
> and fully understand that, in the words of U.S. pharmaceuticals industry,
> "individual results may vary," but still wish to understand what is
> actually meant by green or yellow or orange.
> Josh Beckett
> SONGS IT Security
> Direct 949.368.2113/PAX 82113
> 14300 Mesa Road (G50-C), San Clemente, CA 92672
> "The superior man, when resting in safety, does not forget that danger may
> come.  When in a state of security he does not forget the possibility of
> ruin.  When all is orderly, he does not forget that disorder may come.
> Thus his person is not endangered, and his states and all their clans are
> preserved.", Confucius (551-479 B.C.)

Johannes Ullrich                        jullrich at sans.org
Chief Research Officer                     (617) 639 5000
PGP Key: https://secure.dshield.org/PGPKEYS

"We use [isc.sans.org] every day to keep on top of
 security at our bank" Matt, Network Administrator.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
Url : http://www.dshield.org/pipermail/list/attachments/20050816/0dfab8b1/signature.bin

More information about the list mailing list