State of Texas
Department of Information Resources
Leadership for Texas Government Technology

IT Security
	Emergency Alerts
	IT Security Services
	Monthly Incident Reports
	Reading Room
	Policies, Standards & Guidelines
	Continuity & Contingency Planning
	IT Security Training
	IT Security Contacts

Related Resources

Monthly Incident Summary Reports: December 2003 - February 2004

Links to other reports are available on the Security Reports Homepage.

Number of Agencies/Universities Reporting:

December 2003
OrganizationType	Incidents	No Incidents	Total
Universities	31	19	50
Agencies	41	41	82

January 2004
OrganizationType	Incidents	No Incidents	Total
Universities	32	9	41
Agencies	39	19	58

February 2004
OrganizationType	Incidents	No Incidents	Total
Universities	34	17	51
Agencies	45	27	72

Types of Incidents:

Types of Incidents	December 2003	January 2004	February 2004
Actual Infections	1639	24308	26613
Unauthorized Physical Access	-	-	-
Unauthorized Information Access	13	2	1
Web Site Defacement	-	1	1
Theft of Equipment	4	13	6
Theft of Information	-	1	-
Unauthorized Use/Misuse	39	221	146
Accident/Planned Disruption	25	21	13
Disruption or Denial of Services (DOS)	4	68	15
Other	24910	1056	29737
Total	26634	25691	56532

Impact of Incidents:

Month	Total Hours	Downtime Hours	Total Costs	Lost Data
Dec 2003	3166	108	116960	-
Jan 2004	6207	369	228499	-
Feb 2004	10838	323	306941	2

Incident Profiles:

Month	Detected with IDS	Internal Source	External Source
Dec 2003	4997219	7992	1420117
Jan 2004	4051419	10317	4176383
Feb 2004	2415338	29077	2303336

Malicious Code:

Malicious Code	Dec 2003	Jan 2004	Feb 2004
Viruses/Worms	789783	2368926	4211371
Logic Bombs	-	-	-
Back Doors	215	297	2545
Other Malicious Code	257758	346211	243426
Actual Infections	Dec 2003	Jan 2004	Feb 2004
Total Workstations/Hard Drives Infected	1653	24230	26561
Total Servers Infected	2	82	25

Server Types (Number of Systems):

Type of Systems	Dec 2003	Jan 2004	Feb 2004
Critical production applications and/or data	9	13	30
Critical administrative/support applications and/or data	2	13	8
Research applications and/or data	1	-	-
Academic applications and/or data	91	4	1
External use web servers	5	6	2927
Internal use web servers	2	3	-
FTP Servers	2	1	267
Email Servers	69	9478	135786
Print Servers	1	1	1
Other Servers	3225	9854	447
Total			139467

Response Activities and General Information:

Question	Dec	Jan	Feb
1. Number of times were incident response plans activated	67	103	212
2. Number of times disaster recovery plans activated due to security incident	-	2	5
3. Average hours from detection to containment	1355	771	543
4. Incidents with response activity logs kept	90	790	3450
5. Damage to agency/university IR assets	5	51	85
5a. Number of Assets restored	13	52	100
6. Number of incidents needed outside assistance	1	2	5
7. Number of incidents resulted in new security measures	108	815	343
7a. Number of patches installed	248	1986	482
7b. Number security software installed	15	728	37
7c. Number of additional policies developed	5	3	3
7d. Number other	1	-	-
8. Number incidents resulted in proliferation	80	61	181
8a. Internal Systems	65	48	93
8b. External Systems	15	13	91
9. Incidents resulted in external public awareness	1	15	5
10. Number Incidents reported to law enforcement	3	2	1




	Department of Information Resources 300 West 15th St., Suite 1300 Austin, TX 78701 (Map & Directions) 1-512-475-4700		Privacy & Security Policy Accessibility \| Open Records Policy Link Policy \| Compact with Texans DIR Contacts \| dirinfo@dir.state.tx.us

Last updated November 18, 2005