Re: Compromised Accounts Procedures

["Jacobson, Dick" <dick.jacobson () NDUS EDU>]

Might be a fine line but isn't a compromised account different than a compromised machine ?  And probably necessitate a 
different remediation procedure  ?

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Aaron 
Kirby
Sent: Wednesday, May 23, 2012 12:22 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Compromised Accounts Procedures

You could take a look at how Google is handling the DNS changer infections.


http://krebsonsecurity.com/2012/05/google-to-warn-500000-of-dns-changer-infections/



On Wed, May 23, 2012 at 1:10 PM, Tonkin, Derek K.
<Derek_Tonkin () baylor edu> wrote:
> I'm looking into doing this as well so I'd be interested in any 
> templates others have developed as a jumping off point.
>
> -------------Baylor University-------------
>
> Derek Tonkin
>
> Information Security Analyst
>
> Information Technology Services - Security
>
> derek_tonkin () baylor edu        254-710-7061
>
> ---------------Sic 'em Bears---------------
>
>
>
> From: The EDUCAUSE Security Constituent Group Listserv 
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Robert Meyers
> Sent: Wednesday, May 23, 2012 11:29 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] Compromised Accounts Procedures
>
>
>
> Does anyone have a documented process, guidelines, or procedures taken 
> when a user reports a compromised account? We are looking to create 
> such documentation in order to establish consistency in our trouble 
> ticket handling of such cases.
>
>
>
> Thanks in advance!
>
>
>
> Bob
>
>
>
>
>
>
>
>
>
> Robert E. Meyers,  Ms.Ed.
> Manager, Security Awareness
>   Information Security Services
>
> West Virginia University
> office: (304) 293-8502
> remeyers () mail wvu edu