What incident level would this situation be classified as?

Darren is the network administrator for Greyson & Associates, a large law firm in Houston. Darren is responsible for all network functions as well as any digital forensics work that is needed. Darren is examining the firewall logs one morning and notices some unusual activity. He traces the activity target to one of the firm’s internal file servers and finds that many documents on that server were destroyed. After performing some calculations, Darren finds the damage to be around $75,000 worth of lost data. Darren decides that this incident should be handled and resolved within the same day of its discovery.

What incident level would this situation be classified as?

Darren is the network administrator for Greyson & Associates, a large law firm in Houston. Darren is responsible for all network functions as well as any digital forensics work that is needed. Darren is examining the firewall logs one morning and notices some unusual activity. He traces the activity target to one of the firm’s internal file servers and finds that many documents on that server were destroyed. After performing some calculations, Darren finds the damage to be around $75,000 worth of lost data. Darren decides that this incident should be handled and resolved within the same day of its discovery.

What incident level would this situation be classified as?

A.
This situation would be classified as a mid-level incident

B.
Since there was over $50,000 worth of loss, this would be considered a high-level incident

C.
Because Darren has determined that this issue needs to be addressed in the same day it was discovered, this would be considered a low-level incident

D.
This specific incident would be labeled as an immediate-level incident



Leave a Reply 0

Your email address will not be published. Required fields are marked *