Incident Handling and Response

Recent blog entries tagged with Incident Handling and Response.

GAO Releases Report on Data Breaches and Identity Theft

Created by Rodney J. Petersen (EDUCAUSE) on July 24, 2007

The Government Accountability Office (GAO) has released a Report on Data Breaches that concludes while "breaches of sensitive information have occurred frequently and under widely varying circumstances, . . . the extent to which data breaches have resulted in identity theft is not well known." It further concludes that "should Congress choose to enact a federal notification requirement, use of a risk-based standard could avoid undue burden on organizations and unnecessary and counterproductive notifications of breaches that present little risk."

Some further higher education references in the report:

New Business Continuity Planning Page Posted at EDUCAUSE Connect

Created by Colleen Luckett (EDUCAUSE) on May 24, 2007

EDUCAUSE has identified links concerning business continuity that may be useful to the higher education community on the new Business Continuity Planning resource page, including EDUCAUSE Review and EDUCAUSE Quarterly articles, federal government policies, and university resources.

EDUCAUSE Security Conference: Incident Tracking and Reporting

Created by Lida L. Larsen (EDUCAUSE) on April 20, 2007
Summary

Incident Tracking and Reporting
Kathy Bergsma, University of Florida
Joshua Beeman, University of Pennsylvania

2007 EDUCAUSE Security Professionals Conference
Thursday, April 12, 2007
Denver, CO

Notes:

Kathy Bergsma reported on the UFL environment.

UFL has more than 50K students and is decentralized.

The first thing UFL tracks is the current contacts for security incident reporting: network managers, server managers, information security managers and administrators, and others.
 
UFL has created an incident response standard that describes 8 response steps from discovery to resolution, establishes an incident response team, defines team and unit responsibilities, and sets up specific procedures for different types of incidents. It is available online at http://www.it.ufl.edu/policies/security/uf-it-sec-incident-response-rewrite.html

What UFL tracks:
  • incident identification sources such as IDS (Intrusion Detection System) alerts, email abuse complaints, flow data, and honeypots (decoys)
  • critical elements such as IP address, unit, incident type, severity, and containment and resolution times

Various options and tools are available for ticket creation when incidents are identified, and the UFL incident response team receives daily reports on open tickets. In addition, bi-weekly automated reminders for open tickets are sent to their owners. The centralized unit enters a ticket from the point of discovery via IDS (currently using Dragon but switching to Snort). The decentralized unit has access to enter updates on the ticket thereafter. Everything is done via the web.

Vulnerability detection is done with continuous Nessus top-20 scans, and the results are tracked in SQL. This lets them find the weak spots in their systems and compare data from year to year. The hardware for this is distributed across three machines, and a complete scan takes up to 3 days.

Individual unit reports are generated each semester that compare the unit to the 5 most active units with regard to number of incidents, number of incidents adjusted for unit size, average number of days to contain incidents, number of critical vulnerabilities, and number of critical vulnerabilities adjusted for unit size. No unit wants to be in the top 5 group, which is highlighted in bright primary colors that draw attention to its security issues. The report also posts the number of incidents of each type and the comparison to the previous semester.
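The tracking and reporting scheme described in these notes (tickets with unit, type, severity and containment/resolution dates; reminders for open tickets; per-unit semester metrics normalized for unit size; a top-5 ranking; and a type-by-type comparison with the previous semester) is straightforward to model. The following Python is an added illustration written for this page, not UFL's tracking system or code: the tickets, the critical scan findings, the host counts per unit, the unit names, and the 14-day reminder interval are all constructed sample values, and the IP addresses come from documentation ranges.

```python
"""Toy incident-tracking metrics in the style of the UFL semester unit report.

Constructed example (not UFL's system): tickets, scan findings and unit host
counts are hypothetical inline sample data used only to drive the functions.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass
class Ticket:
    ticket_id: int
    unit: str
    source: str            # how it was identified: IDS, email abuse, flow data, honeypot
    incident_type: str
    severity: str
    ip: str
    discovered: date
    contained: Optional[date] = None   # None = not yet contained
    resolved: Optional[date] = None    # None = ticket still open


# Hypothetical host counts per unit, used to adjust raw counts for unit size
UNIT_SIZE = {"Engineering": 1200, "Medicine": 800, "Arts": 300,
             "Library": 150, "Athletics": 100, "Law": 200}

D = date
TICKETS = [  # constructed sample tickets spanning two semesters
    Ticket(1, "Engineering", "IDS", "malware", "high", "192.0.2.10", D(2007, 1, 10), D(2007, 1, 12), D(2007, 1, 15)),
    Ticket(2, "Engineering", "email abuse", "spam relay", "medium", "192.0.2.20", D(2007, 1, 20), D(2007, 1, 21), D(2007, 1, 25)),
    Ticket(3, "Engineering", "flow data", "botnet", "high", "192.0.2.30", D(2007, 2, 1), D(2007, 2, 5), D(2007, 2, 6)),
    Ticket(4, "Medicine", "IDS", "compromised host", "critical", "198.51.100.5", D(2007, 1, 15), D(2007, 1, 15), D(2007, 1, 20)),
    Ticket(5, "Medicine", "honeypot", "scanning", "low", "198.51.100.9", D(2007, 2, 10), D(2007, 2, 14), None),
    Ticket(6, "Arts", "email abuse", "phishing", "medium", "203.0.113.7", D(2007, 2, 20), D(2007, 2, 20), D(2007, 2, 22)),
    Ticket(7, "Arts", "IDS", "malware", "high", "203.0.113.8", D(2007, 3, 1), None, None),
    Ticket(8, "Library", "flow data", "botnet", "high", "203.0.113.20", D(2007, 2, 3), D(2007, 2, 4), D(2007, 2, 4)),
    Ticket(9, "Athletics", "IDS", "malware", "medium", "203.0.113.40", D(2007, 3, 5), D(2007, 3, 6), D(2007, 3, 7)),
    Ticket(11, "Engineering", "IDS", "malware", "high", "192.0.2.11", D(2006, 10, 3), D(2006, 10, 4), D(2006, 10, 6)),
    Ticket(12, "Arts", "email abuse", "phishing", "low", "203.0.113.7", D(2006, 11, 11), D(2006, 11, 11), D(2006, 11, 12)),
    Ticket(13, "Medicine", "IDS", "malware", "medium", "198.51.100.6", D(2006, 11, 20), D(2006, 11, 22), D(2006, 11, 25)),
]

# Constructed critical findings from a vulnerability scan, as (unit, host) pairs
CRITICAL_VULNS = [("Engineering", "192.0.2.10"), ("Engineering", "192.0.2.11"),
                  ("Engineering", "192.0.2.12"), ("Engineering", "192.0.2.13"),
                  ("Medicine", "198.51.100.5"), ("Medicine", "198.51.100.6"),
                  ("Arts", "203.0.113.7"), ("Athletics", "203.0.113.40"), ("Law", "203.0.113.50")]


def in_period(tickets, start, end):
    """Tickets discovered within [start, end], e.g. one semester."""
    return [t for t in tickets if start <= t.discovered <= end]


def open_tickets(tickets):
    return [t for t in tickets if t.resolved is None]


def reminders_due(tickets, today, interval_days=14):
    """Open tickets whose owner gets an automated reminder today (every interval_days since discovery)."""
    return [t for t in open_tickets(tickets)
            if (today - t.discovered).days > 0 and (today - t.discovered).days % interval_days == 0]


def unit_metrics(tickets, unit_size, critical_vulns):
    """Per-unit report metrics: raw and size-adjusted incident and critical-vulnerability counts, mean days to contain."""
    per_unit = defaultdict(list)
    for t in tickets:
        per_unit[t.unit].append(t)
    vulns = Counter(unit for unit, _ in critical_vulns)
    metrics = {}
    for unit, hosts in unit_size.items():
        ts = per_unit.get(unit, [])
        contain_days = [(t.contained - t.discovered).days for t in ts if t.contained]  # uncontained tickets excluded
        metrics[unit] = {
            "incidents": len(ts),
            "incidents_per_1k_hosts": round(len(ts) * 1000 / hosts, 2),
            "avg_days_to_contain": round(sum(contain_days) / len(contain_days), 2) if contain_days else None,
            "critical_vulns": vulns[unit],
            "critical_vulns_per_1k_hosts": round(vulns[unit] * 1000 / hosts, 2),
        }
    return metrics


def top_units(metrics, key, n=5):
    """The n most active units for one metric; ties broken by unit name so the ranking is deterministic."""
    ranked = sorted(metrics.items(), key=lambda kv: (-(kv[1][key] or 0), kv[0]))
    return [unit for unit, _ in ranked[:n]]


def type_comparison(current, previous):
    """Per incident type: (count this semester, count last semester, change)."""
    cur = Counter(t.incident_type for t in current)
    prev = Counter(t.incident_type for t in previous)
    return {k: (cur[k], prev[k], cur[k] - prev[k]) for k in sorted(set(cur) | set(prev))}


if __name__ == "__main__":
    spring = in_period(TICKETS, D(2007, 1, 1), D(2007, 5, 31))
    fall = in_period(TICKETS, D(2006, 8, 1), D(2006, 12, 31))
    m = unit_metrics(spring, UNIT_SIZE, CRITICAL_VULNS)
    for key in ("incidents", "incidents_per_1k_hosts", "avg_days_to_contain", "critical_vulns_per_1k_hosts"):
        print(f"top 5 by {key}: {top_units(m, key)}")
    print("reminders due 2007-03-15:", [t.ticket_id for t in reminders_due(TICKETS, D(2007, 3, 15))])
    print("type comparison vs. previous semester:", type_comparison(spring, fall))
```

Two design points worth noting: tickets that have not yet been contained are left out of the containment average rather than counted as zero days, so an uncontained incident cannot make a unit look faster; and size adjustment here divides by a host count, whereas the notes do not say what UFL uses as its measure of unit size.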

ECAR Releases New Study on IT and Business Continuity in Higher Education

Created by Colleen Luckett (EDUCAUSE) on March 29, 2007
The latest EDUCAUSE Center for Applied Research (ECAR) study, “Shelter from the Storm: IT and Business Continuity in Higher Education,” looks at IT unit readiness to foster and support the functioning of colleges and universities that are challenged by disruption. Responding to a well-documented increase of interest in business continuity and disaster recovery issues among higher education chief information officers (CIOs), ECAR designed the study to inform executives about how institutions approach continuity issues and to identify practices that are associated with good business continuity outcomes.

The study methodology included a literature review; consultation with a select group of CIOs and business continuity experts for the purpose of identifying and validating research questions; a quantitative survey of IT administrators (mostly CIOs) at 340 higher education institutions; postsurvey interviews with 15 executives and IT staff members involved in business continuity; a quantitative survey of institutional business officers (mostly CBOs/CFOs) at 247 member institutions of the National Association of College and University Business Officers (NACUBO); and four case studies looking at business continuity planning and operations at Florida State University, New York University, Pace University, UC Davis, and UCLA.