Educause Security Discussion mailing list archives

Re: SOP for Managing Phishing/Ransomware Attempts


From: James Valente <jvalente () SALEMSTATE EDU>
Date: Thu, 11 Aug 2016 03:44:43 +0000

I also try to reach out to the school's CISO/Director of Infosec/Analyst/Whoever is on the WHOIS record and let them 
know about the compromised account if I see a phish coming from another .edu.

We've ended up on some RBLs in the past after a compromised account so I figure trying to let the school know about the 
account ASAP can really help with allowing them to secure the account before it gets to that point. It really saves 
everybody the trouble of dealing with submitting requests, if even an option, to be removed from blacklists.

--James
________________________________
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] on behalf of Frank Barton 
[bartonf () HUSSON EDU]
Sent: Wednesday, August 10, 2016 22:18
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] SOP for Managing Phishing/Ransomware Attempts

Add me to the list of folks that would be interested in knowing what others have set up. We work on this on an ad-hoc 
basis, looking at how many times we see a specific message.
I will note that when I do see a phishing email from a compromised account at another educational institution, I do 
make a point of calling to let them know.

Frank

On Wed, Aug 10, 2016 at 6:50 PM, David D Grisham <DGrisham () salud unm edu> wrote:
As we are just setting up phishing campaigns and reporting buttons, I would like to communicate with anyone who has set 
up standards, procedures, etc. for a large campus environment with multiple units.
Cheers.-grish
David Grisham
David Grisham, PhD, CISM, CRISC,  CHS III
Manager, ITSecurity, UNM Hospitals, UNM Health Science Center
505.272.5657
Dgrisham () salud UNM edu



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of 
Rob Cherveny
Sent: Wednesday, August 10, 2016 4:12 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] SOP for Managing Phishing/Ransomware Attempts

I'd be interested in your document as you progress. Unfortunately, we're ad hoc.

Thanks.
Rob
--
Rob Cherveny, PMP
Director, Information Security
University of North Georgia

On Aug 10, 2016, at 17:57, Christopher Jones <Christopher.Jones () UFV CA> wrote:
We are looking at revamping our current procedures for managing phishing and ransomware attempts. What we have in 
place now is fairly informal, but we are looking to develop a more formal plan. If anyone has gone through this process 
and would be willing to share, that would be most appreciated. Specifically, we could use information such as:

     1. Thresholds for when to generate general university-wide alerts
     2. Number of phishing messages received before a “search and destroy” operation is implemented to remove malicious 
messages from inboxes

Thanks.

Christopher Jones
IT Security Analyst
University of the Fraser Valley
Christopher.Jones () ufv ca




--
Frank Barton
ACMT
IT Systems Administrator
Husson University
