State of Texas
Department of Information Resources
Leadership for Texas Government Technology

IT Security
	Emergency Alerts
	IT Security Services
	Monthly Incident Reports
	Reading Room
	Policies, Standards & Guidelines
	Continuity & Contingency Planning
	IT Security Training
	IT Security Contacts

Related Resources

Monthly Incident Summary Reports: June - August 2004

Links to other reports are available on the Security Reports Homepage.

Section 1: June - August 2004
Number of Agencies and Universities Reporting:

June 2004
OrganizationType	Incidents	No Incidents	Total
Universities	39	18	57
Agencies	39	45	84

July 2004
OrganizationType	Incidents	No Incidents	Total
Universities	38	18	56
Agencies	43	35	78

August 2004
OrganizationType	Incidents	No Incidents	Total
Universities	39	18	57
Agencies	43	33	76

Types of Incidents:

Types of Incidents	June 2004	July 2004	August 2004
Actual Infections	1062	12120	6531
Unauthorized Physical Access	4	6	3
Unauthorized Information Access	8	4	4
Web Site Defacement	2	0	6
Theft of Equipment	14	7	10
Theft of Information	0	0	2
Unauthorized Use/Misuse	53	54	4018
Accident/Planned Disruption	37	55	36
Disruption or Denial of Services (DOS)	8	223	64
Other	8235	23676	56304
Total	9423	36145	66978

Impact of Incidents:

Month	Total Hours	Downtime Hours	Total Costs	Lost Data
June 2004	2541	589	82447	-
July 2004	3066	419	317609	2
August 2004	3339	924	164123	-

Incident Profiles:

Month	Detected with IDS	Internal Source	External Source
June 2004	7160987	74119	7270664
July 2004	693238	42793	718990
August 2004	22975727	2132	1511915

Malicious Code:

Malicious Code	June 2004	July 2004	August 2004
Viruses/Worms	3293707	4067808	2883552
Logic Bombs	-	1	42215
Back Doors	2675	4813	2216
Other Malicious Code	254640	19577	416838
Actual Infections	June 2004	July 2004	August 2004
Total Workstations/Hard Drives Infected	1043	12106	6503
Total Servers Infected	19	14	28

Server Types (Number of Systems):

Type of Systems	June 2004	July 2004	August 2004
Critical production applications and/or data	4	6	19
Critical administrative/support applications and/or data	7	8	17
Research applications and/or data	-	6	1
Academic applications and/or data	121	8	28
External use web servers	5363	6	9
Internal use web servers	4	2	5
FTP Servers	1	1	2
Email Servers	55032	61200	69115
Print Servers	-	3	2
Other Servers	17	22994	14
Total	60549	84234	69212

Response Activities and General Information:

Question	June 2004	July 2004	August 2004
1. Number of times were incident response plans activated	116	21	130
2. Number of times disaster recovery plans activated due to security incident	0	378	6
3. Average hours from detection to containment	396	1745	405
4. Incidents with response activity logs kept	743	19	4508
5. Damage to agency/university IR assets	22	19	17
5a. Number of Assets restored	25	6	15
6. Number of incidents needed outside assistance	3	281	7
7. Number of incidents resulted in new security measures	41	488	39
7a. Number of patches installed	402	152	176
7b. Number security software installed	76	7	34
7c. Number of additional policies developed	2	4	10
7d. Number other	24	277	27
8. Number incidents resulted in proliferation	153	134	86
8a. Internal Systems	68	146	75
8b. External Systems	86	4	11
9. Incidents resulted in external public awareness	1	4	15
10. Number Incidents reported to law enforcement	1	3	4




	Department of Information Resources 300 West 15th St., Suite 1300 Austin, TX 78701 (Map & Directions) 1-512-475-4700		Privacy & Security Policy Accessibility \| Open Records Policy Link Policy \| Compact with Texans DIR Contacts \| dirinfo@dir.state.tx.us

Last updated November 18, 2005