Educause Security Discussion mailing list archives

Re: Incident Response and Forensics


From: "Shamblin, Quinn" <qrs () BU EDU>
Date: Thu, 21 Mar 2013 16:26:59 +0000

We have a similar policy here at BU

Quinn R Shamblin
-------------------------------------------------------------------------------------
Executive Director of Information Security, Boston University
CISM, CISSP, GCFA, PMP  -  O 617-358-6310  M 617-999-7523
Contact me securely: https://securecontact.me/qrs () bu edu

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Josh Flaherty
Sent: Thursday, March 21, 2013 12:19 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Incident Response and Forensics

Greetings,

It is our policy that whenever we are notified by an external entity that one of our machines is compromised, we initiate a process which involves collecting the machine, taking an image, scanning for PII and, if PII is found, performing a forensics investigation.  The problem is that we have had so many come in over the recent months that our forensics staff cannot keep up.

My question is: do others have a similar policy for external compromise notifications, or do any of you just remediate the machine and move on?

Thank You,

-Josh Flaherty
Information Security Officer
Indiana State University
