Educause Security Discussion mailing list archives
Incident Response and Forensics
From: Josh Flaherty <Josh.Flaherty () INDSTATE EDU>
Date: Thu, 21 Mar 2013 12:19:29 -0400
Greetings,

It is our policy that whenever we are notified by an external entity that one of our machines is compromised we initiate a process which involves collecting the machine, taking an image, scanning for PII and if PII is found performing a forensics investigation. The problem is that we have had so many come in the recent months that our forensics staff cannot keep up.

My question is, do others have a similar policy for external compromise notifications or do any of you just remediate the machine and move on?

Thank You,

-Josh Flaherty
Information Security Officer
Indiana State University