Educause Security Discussion mailing list archives
Re: Role of Campus Police. Was: number of IT security staff
From: "Georgia T. Killcrece" <georgia () CERT ORG>
Date: Wed, 2 Feb 2005 19:22:39 -0500
Folks,"--On Monday, January 31, 2005 11:44 AM -0800 Steven Alexander <alexander.s () MCCD EDU> wrote:
" [deleted]
It would a good idea to contact your local law enforcement ahead of time and find out what they want you to do when responding to a security incident.
I've been following the threads of discussion on this list and am encouraged to see some of the feedback and additional comments that are being shared amongst the readership. There has been quite a lot of good advice/information on things to do and relationships that should be built (before your organization finds itself in situations where law enforcement needs to be brought into the picture). One of the things we talk with folks about is how critical it is (as part of your incident response plans) to identify and build these relationships with other campus contacts/officials andensure each understands the other's situation (issues, needs and requirements,
concerns, etc.). Having that clear understanding will go a long way to ensuring that the investigation or analysis of events are done in the right way. Another point I'd like to make is that some of these discussions you have will also need to involve the higher level management folks--to discuss approaches for what type of path they want to follow (e.g., Is it fix the problem and move on? Collect the evidence and prosecute? Do we know what the threshold is? How can we find out? Who do we need to speak to? you get the idea, I think?). Knowing the types of activity that an organization is interested in pursuing (or may be legally liable and required to pursue) means finding out some of the answers about how you approach doing some of the analysis and data collection before hand.So as Steven says and adding to it...get to know what you need to know (before it happens) so you do the right thing when you start down a particular
path and to ensure that you are doing things in the right way. Tracy Mitrano's second point is "dead on" in my opinion, and reflects what we hear from some of the local law enforcement folks we know and some of the FBI/USSS contacts we have interacted with in the past (er...not in any criminal activity, but from the standpoint of understanding how to work with them). One of the technical tips published by the CERT/CC a few years back was based on a collaborative effort with the FBI. (For any who might be interested, this is available from <http://www.cert.org/tech_tips/FBI_investigates_crime.html> ) It seems to me that I also see more in the way of guidance and training being available as it relates to "forensics" (from the perspective of gathering information related to computer security events/incidents in such a way that is done so the information will be admissible in law enforcement cases), and for sure talking with your local high-tech crimes teams for FBI or Secret Service can also provide help. Keep the dialog going! georgia -- Georgia Killcrece CSIRT Development Team CERT(R) Training and Education CERT(R) Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 U.S.A. Telephone: +1-412-268-7090 Fax: +1-412-268-6989 http://www.cert.org/ http://www.cert.org/csirts/ http://www.cert.org/training/ The CERT Coordination Center is part of the Software Engineering Institute (SEI). The SEI is sponsored by the U.S. Department of Defense. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Attachment:
_bin
Description:
Current thread:
- Re: Role of Campus Police. Was: number of IT security staff, (continued)
- Re: Role of Campus Police. Was: number of IT security staff Jon E. Mitchiner (Jan 31)
- Re: Role of Campus Police. Was: number of IT security staff Tracy Mitrano (Jan 31)
- Re: Role of Campus Police. Was: number of IT security staff Steven Alexander (Jan 31)
- Re: Role of Campus Police. Was: number of IT security staff Penn, Blake (Jan 31)
- Re: Role of Campus Police. Was: number of IT security staff Brian Kaye (Jan 31)
- Re: Role of Campus Police. Was: number of IT security staff Jon E. Mitchiner (Jan 31)
- Re: Role of Campus Police. Was: number of IT security staff Penn, Blake (Jan 31)
- Re: Role of Campus Police. Was: number of IT security staff Alec Yasinsac (Jan 31)
- Re: Role of Campus Police. Was: number of IT security staff James Riden (Jan 31)
- Re: Role of Campus Police. Was: number of IT security staff Rodney Petersen (Feb 01)
- Re: Role of Campus Police. Was: number of IT security staff Georgia T. Killcrece (Feb 02)
- Re: Role of Campus Police. Was: number of IT security staff John Lupton (Feb 04)
- Re: Role of Campus Police. Was: number of IT security staff Kay Sommers (Feb 04)