Scenario 1: Incident Analysis and Response

John, an XYZ University employee, noticed a warning message on his computer saying that the system had been attacked by the Win32.VB worm. Even though antivirus software was present on the system, it failed to detect the new worm because it had not been updated to the latest version. When John tried to open his e-mail, he experienced a slow internet connection. He noticed there were some unusual file names on the disk. John immediately informed his friend Bob, who was also an XYZ employee, of the problem. Bob checked the computer in his office and experienced the same problem as John. John and Bob checked several computers in the laboratories and found that the Win32.VB worm had infected many other computers in the laboratory. They contacted the system administrator of XYZ University. The system administrator checked the computers in the laboratory and reported the incident to the incident response team. The system administrator also checked the computers in other laboratories. As a result of the worm attack, the activities in the XYZ University laboratory were suspended for a day, which caused great inconvenience.
Answer)
Yes, the organization considers this activity an incident. Activities are work that is done regularly, so checking the email is an activity, but the email getting slow is not an activity, so that could be an incident because of which the Internet got slow. If the computer gets affected by a virus every day then it is an activity, but the virus got in due to some incident or a problem in the antivirus software, so it is an incident. Also, the activities were suspended due to the virus attack incident.
Risk management in Information Security today

Every day, information security professionals are bombarded with marketing messages around risk and threat management, fostering an environment in which objectives seem clear: manage risk, manage threat, stop attacks, identify attackers. These objectives aren't wrong, but they are fundamentally misleading. In this session we'll examine the state of the information security industry in order to understand how the current climate fails to address the true needs of the business. We'll use those lessons as a foundation...