Educause Security Discussion mailing list archives

Re: Outsourcing Forensics


From: Daniel R Jones <Dan.Jones () COLORADO EDU>
Date: Tue, 29 Aug 2006 08:47:22 -0600

As part of our incident response process we require external forensics
if there is an incident involving "private data" (in our data
classification scheme examples would be SSN, card holder information).
There are several reasons for this:

- if something does need to go to court we want the external expert,
- using an external firm helps eliminate the possibility of internal
staff being pressured to deliver findings that are not supported by data,
- in the case of card holder information you do not really have the
choice but to use a PCI DSS certified forensics firm.

In addition to making sure your processes define how a potential data
breach would be handled, I would also recommend that you have a policy
requiring immediate notice to your equivalent of a security office
whenever there is an incident involving sensitive data.

Dan Jones
Campus IT Security Office
University of Colorado at Boulder
________________________________________
From: Bret R Blackman [mailto:bblackma () MAIL UNOMAHA EDU] 
Sent: Monday, August 28, 2006 1:12 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Outsourcing Forensics


How many outsource their forensic work to a U.S. firm when there is an
incident involving confidential information on their campuses? 

Bret R. Blackman
University of Nebraska at Omaha
Director of Administrative Information Services
Information Technology Services, EAB 110
bblackma () mail unomaha edu
