Educause Security Discussion mailing list archives
Re: SOP for Managing Phishing/Ransomware Attempts
From: James Valente <jvalente () SALEMSTATE EDU>
Date: Thu, 11 Aug 2016 03:44:43 +0000
I also try to reach out to the school's CISO/Director of Infosec/Analyst/Whoever is on the WHOIS record and let them know about the compromised account if I see a phish coming from another .edu. We've ended up on some RBLs in the past after a compromised account so I figure trying to let the school know about the account ASAP can really help with allowing them to secure the account before it gets to that point. It really saves everybody the trouble of dealing with submitting requests, if even an option, to be removed from blacklists. --James ________________________________ From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of Frank Barton [bartonf () HUSSON EDU] Sent: Wednesday, August 10, 2016 22:18 To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] SOP for Managing Phishing/Ransomware Attempts Add me to the list of folks that would be interested in knowing what others have set up. We work on this on an ad-hoc basis, looking at a how many times we see a specific message. I will note that when I do see a phishing email from a compromised account at another educational institution, I do make a point of calling to let them know. Frank On Wed, Aug 10, 2016 at 6:50 PM, David D Grisham <DGrisham () salud unm edu<mailto:DGrisham () salud unm edu>> wrote: As we are just setting up phishing campaigns and reporting buttons, I would like to communicate with anyone who has set up standards, procedures, etc. for a large campus environment with multiple units. Cheers.-grish David Grisham David Grisham, PhD, CISM, CRISC, CHS III Manager, ITSecurity, UNM Hospitals, UNM Health Science Center 505.272.5657<tel:505.272.5657> Dgrisham () salud UNM edu<mailto:Dgrisham () salud UNM edu> From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>] On Behalf Of Rob Cherveny Sent: Wednesday, August 10, 2016 4:12 PM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] SOP for Managing Phishing/Ransomware Attempts I'd be interested in your document as you progress. Unfortunately, we're ad hoc. Thanks. Rob -- Rob Cherveny, PMP Director, Information Security University of North Georgia On Aug 10, 2016, at 17:57, Christopher Jones <Christopher.Jones () UFV CA<mailto:Christopher.Jones () ufv ca>> wrote: We are looking at revamping our current procedures for managing phishing and ransomware attempts. What we have in place now is fairly informal, but are looking to develop a more formal plan. If anyone has gone through this process and would be willing to share, that would be most appreciated. Specifically, we could use information such as: 1. Thresholds for when to generate general university-wide alerts 2. Number of phishing messages received before a “search and destroy” operation is implemented to remove malicious messages from inboxes Thanks. Christopher Jones IT Security Analyst University of the Fraser Valley Christopher.Jones () ufv ca<mailto:Christopher.Jones () ufv ca> -- Frank Barton ACMT IT Systems Administrator Husson University
Current thread:
- SOP for Managing Phishing/Ransomware Attempts Christopher Jones (Aug 10)
- Re: SOP for Managing Phishing/Ransomware Attempts Rob Cherveny (Aug 10)
- Re: SOP for Managing Phishing/Ransomware Attempts David D Grisham (Aug 10)
- Re: SOP for Managing Phishing/Ransomware Attempts Frank Barton (Aug 10)
- Re: SOP for Managing Phishing/Ransomware Attempts James Valente (Aug 10)
- Re: SOP for Managing Phishing/Ransomware Attempts David D Grisham (Aug 10)
- Re: SOP for Managing Phishing/Ransomware Attempts Rob Cherveny (Aug 10)
- Re: SOP for Managing Phishing/Ransomware Attempts James Valente (Aug 10)
- Re: SOP for Managing Phishing/Ransomware Attempts Steven Alexander (Aug 10)
- Re: SOP for Managing Phishing/Ransomware Attempts Frank Barton (Aug 11)
- Re: SOP for Managing Phishing/Ransomware Attempts Keith Hartranft (Aug 11)
- Re: SOP for Managing Phishing/Ransomware Attempts Joel Anderson (Aug 13)
- Re: SOP for Managing Phishing/Ransomware Attempts Keith Hartranft (Aug 16)
- Re: SOP for Managing Phishing/Ransomware Attempts Wall Wofford (Aug 16)
- Re: SOP for Managing Phishing/Ransomware Attempts Sue Rivera (Aug 16)
- Re: SOP for Managing Phishing/Ransomware Attempts Keith Hartranft (Aug 16)
- Re: SOP for Managing Phishing/Ransomware Attempts Keith Hartranft (Aug 16)
- Re: SOP for Managing Phishing/Ransomware Attempts Steven Alexander (Aug 10)