Educause Security Discussion mailing list archives
Re: Releasing details
From: "Sherry, Cathy" <csherry () UMASSP EDU>
Date: Wed, 23 Jan 2008 09:54:38 -0500
The University of Massachusetts President's Office procedure is: 1. Individual contacts the Helpdesk either to report issue. 2. Helpdesk opens ticket noting as much information (i.e., email id, IP address, frequency, time messages sent, when messages started being sent, etc.) about the suspected incident as possible. The TSC does not give any information to the caller other than that: a. The caller should file a compliant with campus and/or local law enforcement, b. The caller should notify their ISP in writing if ISP is other than UMass, c. If ISP is UMass, their complaint will be escalated to the appropriate parties within the University. The University will not contact or file a report with law enforcement as that is the responsibility of the individual, but that when law enforcement contacts us we will work with law enforcement as needed. The Helpdesk should explain that any follow-up investigation must be done via the law enforcement, and that we cannot provide them with information on source of emails, etc. If the caller is a law enforcement officer who is looking for IP address information and the situation is not an emergency, refer the officer to legal counsel. The University does not respond to such requests via the telephone. All requests should be sent in writing to the University legal counsel at the 225 Franklin St., 33rd Floor, Boston Ma 02110 address. Legal counsel will respond. If the request does not contain confidential information it can also be faxed to 617-287-7044. If the caller is a law enforcement officer and the situation is an emergency (e.g., trying to find a missing child), the Helpdesk should put the officer on hold and escalate the call to one of the Network Services Incident Team members who can work directly with the officer. The Network Services Incident Team member should verify the caller's identify before sharing any information with them. :: Catherine Sherry, Principal Security Specialist :: University Information Technology Services (UITS) :: University of Massachusetts President's Office :: 508-856-1547 :: 508-856-4844 Fax :: csherry () umassp edu <mailto:csherry () umassp edu> University of Massachusetts : 333 South St. : Suite 400 : Shrewsbury, MA 01545 : www.massachusetts.edu <http://www.massachusetts.edu/> ________________________________ From: Theresa Rowe [mailto:rowe () OAKLAND EDU] Sent: Tuesday, January 22, 2008 4:32 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Releasing details We sometimes get requests from student and staff that read something like the following: "Joan Doe called the Help Desk asking for if we could trace an IP address of a computer that sent an email from her account on January 19 sometime around 3:30 AM. She said that someone had hacked into her email account and deleted some messages as well as sent some. She has since then changed her password but is now looking to take action on the person that sent it." Do you have protocols on how you handle such an incident? In most of these cases, the logins look authentic - i.e., the real ID and password were used. -- Theresa Rowe Chief Information Officer rowe () oakland edu Oakland University
Current thread:
- Releasing details Theresa Rowe (Jan 22)
- <Possible follow-ups>
- Re: Releasing details Bristol, Gary L. (Jan 22)
- Re: Releasing details Willis Marti (Jan 22)
- Re: Releasing details Gary Dobbins (Jan 22)
- Re: Releasing details Roger Safian (Jan 22)
- Re: Releasing details Joel Rosenblatt (Jan 22)
- Re: Releasing details Chad McDonald (Jan 23)
- Re: Releasing details David, Elaine (Jan 23)
- Re: Releasing details Sherry, Cathy (Jan 23)
- Re: Releasing details Eric Jernigan (Jan 23)
- Re: Releasing details Willis Marti (Jan 23)