Re: Examples of Incident Response Policies for the InfoSec Guide

[Valerie Vogel <vvogel () EDUCAUSE EDU>]

Thanks to everyone who provided links to their campus incident response policies and resources. We have added these to 
the guide’s Information Security Policy Examples page: 
https://www.educause.edu/focus-areas-and-initiatives/policy-and-security/cybersecurity-program/resources/information-security-guide/security-policies/information-security-policy-examples

Have a great weekend!
Valerie

Valerie Vogel
Senior Manager, Cybersecurity Program

EDUCAUSE
Uncommon Thinking for the Common Good
direct: 202.331.5374 | Follow HEISC on 
LinkedIn<https://www.linkedin.com/showcase/higher-education-information-security-council-heisc-/> | twitter: 
@HEISCouncil | vvogel () educause edu<mailto:vvogel () educause edu>

From: Security Discussion Group List <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of "Williams, Matthew (wilmh)" 
<wilmh () UCMAIL UC EDU>
Reply-To: Security Discussion Group List <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Thursday, February 21, 2019 at 8:58 AM
To: Security Discussion Group List <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Examples of Incident Response Policies for the InfoSec Guide

Univ. of Cincinnati’s IR Policy, Procedure, and Escalation Guideline are available at 
https://www.uc.edu/infosec/policies.html.

—
Matthew Williams
CISSP, CISM, GSLC, GSTRT, ITIL V3
Director
Office of Information Security | University of Cincinnati
Direct - 513-556-3708 | Dept - 513-558-ISEC (4732)
matthew.williams () uc edu<mailto:matthew.williams () uc edu> | 
www.uc.edu/infosec<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.uc.edu%2Finfosec&data=02%7C01%7C%7C48f615abf22d48c0e31b08d6981ddb39%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C1%7C636863651351391807&sdata=7CD6TQH6kItWsgRt4c%2F%2Bqioc5eiZPZW8CVtMaN2mzaY%3D&reserved=0>
Secure the Present, Protect the Future.


From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of "Boyce-Werner, 
Rori" <Rori.Boyce-Werner () UNH EDU>
Reply-To: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Thursday, February 21, 2019 at 10:31 AM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Examples of Incident Response Policies for the InfoSec Guide

Our Incident Response Plan is publicly available here:

https://www.unh.edu/it/sites/www.unh.edu.it/files/unh_information_security_incident_response_plan_v5.pdf<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.unh.edu%2Fit%2Fsites%2Fwww.unh.edu.it%2Ffiles%2Funh_information_security_incident_response_plan_v5.pdf&data=02%7C01%7C%7C48f615abf22d48c0e31b08d6981ddb39%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C1%7C636863651351401812&sdata=tN1KBIsXvFe5NpXzWciN5xYMjGCLK5940LaIu0QAAoQ%3D&reserved=0>


Rori Boyce-Werner
Information Security Compliance Program Manager
University of New 
Hampshire<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.unh.edu%2F&data=02%7C01%7C%7C48f615abf22d48c0e31b08d6981ddb39%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C1%7C636863651351411822&sdata=7IkqPYYnfjjarEauW8NJteZJLhudHqGw%2BoMvh5pv3pY%3D&reserved=0>
Information Security Services 
(ISS)<https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.unh.edu%2Fit%2Finformation-security-services&data=02%7C01%7C%7C48f615abf22d48c0e31b08d6981ddb39%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C1%7C636863651351411822&sdata=yiFvSDVJb8%2Fk5Y0zmdvOKks7ND4ZYozofnWpDjo44q0%3D&reserved=0>
d.  (603) 862-2377
m. (603) 731-9071

[ISS UNH logo]



From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of randy
Sent: Wednesday, February 20, 2019 2:37 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Examples of Incident Response Policies for the InfoSec Guide

Caution - External Email
________________________________
Our sanitized IR guidelines doc is publicly available. That and some other info is at 
https://security.vt.edu/incident.html<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__security.vt.edu_incident.html%26d%3DDwMFaQ%26c%3Dc6MrceVCY5m5A_KAUkrdoA%26r%3D4eyhFgFmnQGIGTNrMQLkE-2RuqqnJ9DeKpK8A0XqnNg%26m%3Dczp0MHiCvsqikt9S8zLVJvp7TaY6Ya_A7vPGDtxeiBI%26s%3Dn06elwlbRvd2V_wkIRcSasi9lLarr2YAHefs5QmgaH4%26e%3D&data=02%7C01%7C%7C48f615abf22d48c0e31b08d6981ddb39%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C0%7C636863651351421822&sdata=ZTBoxucCZulTgdGk4POZM2ois1AG8s2PpiuTSyegK5o%3D&reserved=0>.

-Randy Marchany
VA Tech IT Security Office and Lab

On Wed, Feb 20, 2019 at 2:30 PM Valerie Vogel <vvogel () educause edu<mailto:vvogel () educause edu>> wrote:
Good afternoon,

Does your campus have publicly facing Incident Response policies and/or procedures that you’d be willing to share?

We are looking for current links to include as examples in the Information Security Guide’s Incident Management and 
Response chapter 
(https://www.educause.edu/focus-areas-and-initiatives/policy-and-security/cybersecurity-program/resources/information-security-guide/incident-management-and-response<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__www.educause.edu_focus-2Dareas-2Dand-2Dinitiatives_policy-2Dand-2Dsecurity_cybersecurity-2Dprogram_resources_information-2Dsecurity-2Dguide_incident-2Dmanagement-2Dand-2Dresponse%26d%3DDwMFaQ%26c%3Dc6MrceVCY5m5A_KAUkrdoA%26r%3D4eyhFgFmnQGIGTNrMQLkE-2RuqqnJ9DeKpK8A0XqnNg%26m%3Dczp0MHiCvsqikt9S8zLVJvp7TaY6Ya_A7vPGDtxeiBI%26s%3DHaDiNPGkPeoYSgdwyVgK4Oo2_ukw5fAb82gPoRay_Qo%26e%3D&data=02%7C01%7C%7C48f615abf22d48c0e31b08d6981ddb39%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C0%7C636863651351431836&sdata=oP7%2BIyzaK1eyF2JpxD0sACX5wLpCk4jCAbInfM9UCyc%3D&reserved=0>).

These links may also be added to the Guide’s Information Security Policy Examples page 
(https://www.educause.edu/focus-areas-and-initiatives/policy-and-security/cybersecurity-program/resources/information-security-guide/security-policies/information-security-policy-examples<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__www.educause.edu_focus-2Dareas-2Dand-2Dinitiatives_policy-2Dand-2Dsecurity_cybersecurity-2Dprogram_resources_information-2Dsecurity-2Dguide_security-2Dpolicies_information-2Dsecurity-2Dpolicy-2Dexamples%26d%3DDwMFaQ%26c%3Dc6MrceVCY5m5A_KAUkrdoA%26r%3D4eyhFgFmnQGIGTNrMQLkE-2RuqqnJ9DeKpK8A0XqnNg%26m%3Dczp0MHiCvsqikt9S8zLVJvp7TaY6Ya_A7vPGDtxeiBI%26s%3D8ZL3MzzK0LUrRyy0seSkVEqXK_wXKg-hxY8b2dLrA5s%26e%3D&data=02%7C01%7C%7C48f615abf22d48c0e31b08d6981ddb39%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C0%7C636863651351431836&sdata=VGZqMsC7JRwBmMCBc5HUcX1cn9wNSnjSGPvOB%2Fy%2FTfA%3D&reserved=0>)
 under the Incident Management and Response section.

Thank you!
Valerie

Valerie Vogel
Interim Director, Cybersecurity Program

EDUCAUSE
Uncommon Thinking for the Common Good
direct: 202.331.5374 | Follow HEISC on 
LinkedIn<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttps-3A__www.linkedin.com_showcase_higher-2Deducation-2Dinformation-2Dsecurity-2Dcouncil-2Dheisc-2D_%26d%3DDwMFaQ%26c%3Dc6MrceVCY5m5A_KAUkrdoA%26r%3D4eyhFgFmnQGIGTNrMQLkE-2RuqqnJ9DeKpK8A0XqnNg%26m%3Dczp0MHiCvsqikt9S8zLVJvp7TaY6Ya_A7vPGDtxeiBI%26s%3DUfZtY1aePaNINxauyOpOhoZ-e21d25imnL7LHoVEprY%26e%3D&data=02%7C01%7C%7C48f615abf22d48c0e31b08d6981ddb39%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C0%7C636863651351441841&sdata=h9disDwQlYkWmqejeshwtZXK9RbWpNZXec0g9tubUy8%3D&reserved=0>
 | twitter: @HEISCouncil | vvogel () educause edu<mailto:vvogel () educause edu>