Educause Security Discussion mailing list archives

Re: Incident Response and Forensics


From: Roger A Safian <r-safian () NORTHWESTERN EDU>
Date: Thu, 21 Mar 2013 17:43:00 +0000

We ask if there's any PII on it, and if we are told no, we remediate and move along.

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Josh Flaherty
Sent: Thursday, March 21, 2013 11:19 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Incident Response and Forensics

Greetings,

It is our policy that whenever we are notified by an external entity that one of our machines is compromised we 
initiate a process which involves collecting the machine, taking an image, scanning for PII and, if PII is found, 
performing a forensics investigation. The problem is that we have had so many come in in recent months that our 
forensics staff cannot keep up.

My question is, do others have a similar policy for external compromise notifications or do any of you just remediate 
the machine and move on?

Thank You,

-Josh Flaherty
Information Security Officer
Indiana State University
