Re: Releasing details

["Sherry, Cathy" <csherry () UMASSP EDU>]

The University of Massachusetts President's Office procedure is:

 

1.      Individual contacts the Helpdesk either to report issue.  

 

2.      Helpdesk opens ticket noting as much information (i.e., email
id, IP address, frequency, time messages sent, when messages started
being sent, etc.) about the suspected incident as possible. The TSC does
not give any information to the caller other than that:

 

        a.      The caller should file a compliant with campus and/or
local law enforcement,
        b.      The caller should notify their ISP in writing if ISP is
other than UMass,
        c.      If ISP is UMass, their complaint will be escalated to
the appropriate parties within the University. The University will not
contact or file a report with law enforcement as that is the
responsibility of the individual, but that when law enforcement contacts
us we will work with law enforcement as needed.  The Helpdesk should
explain that any follow-up investigation must be done via the law
enforcement, and that we cannot provide them with information on source
of emails, etc. 

 

If the caller is a law enforcement officer who is looking for IP address
information and the situation is not an emergency, refer the officer to
legal counsel.  The University does not respond to such requests via the
telephone.  All requests should be sent in writing to the University
legal counsel at the 225 Franklin St., 33rd Floor, Boston Ma 02110
address.  Legal counsel will respond.  If the request does not contain
confidential information it can also be faxed to 617-287-7044.

 

If the caller is a law enforcement officer and the situation is an
emergency (e.g., trying to find a missing child), the Helpdesk should
put the officer on hold and escalate the call to one of the Network
Services Incident Team members who can work directly with the officer.
The Network Services Incident Team member should verify the caller's
identify before sharing any information with them.

 

 

 

:: Catherine Sherry, Principal Security Specialist
:: University Information Technology Services (UITS)
:: University of Massachusetts President's Office

:: 508-856-1547
:: 508-856-4844 Fax
:: csherry () umassp edu <mailto:csherry () umassp edu> 

University of Massachusetts : 333 South St. : Suite 400 : Shrewsbury, MA
01545 : www.massachusetts.edu <http://www.massachusetts.edu/> 

 

________________________________

From: Theresa Rowe [mailto:rowe () OAKLAND EDU] 
Sent: Tuesday, January 22, 2008 4:32 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Releasing details

 

We sometimes get requests from student and staff that read something
like the following:

"Joan Doe called the Help Desk asking for if we could trace an IP
address of a
computer that sent an email from her account on January 19 sometime
around 3:30 AM. 
She said that someone had hacked into her email account and deleted some
messages as well as sent some. She has since then changed her password
but is now
looking to take action on the person that sent it."

Do you have protocols on how you handle such an incident?  In most of
these cases, the logins look authentic - i.e., the real ID and password
were used. 


-- 
Theresa Rowe
Chief Information Officer
rowe () oakland edu
Oakland University