Incident Handling and Response

After the tragic events of April 16, 2007, at Virginia Tech, IT professionals and university legal counsel had to quickly address the need to collect and preserve data in the event of future litigation. Performing tasks while dealing with grief and protecting academic freedom and privacy issues has required a delicate approach.

With a mixture of centralized and local IT service providers, higher ed presents unique challenges to effective incident response. The University at Albany has developed a web-based incident management and reporting tool that provides immediate sharing of incident information with local responders and real-time incident response functionality (e.g., switch port control).

Recognizing that an incident response policy is only as good as the procedures that support it, Dartmouth College developed its approach to incident response from the bottom up. This session will highlight the advantages of establishing procedures first and policy second when it comes to incident response planning.

Incident-response processes and tools are, by-and-large, designed to guide reaction to situations within an organization and are geared toward incidents involving local users and systems. With federated identity, we're now expanding this and entering into agreements and relationships that enable an extended community to access our services and our campus constituents to use off-site services in an authenticated and authorized fashion. In this new context, how do you respond when someone from a collaborating organization is hacking your systems? This session will discuss the challenges in the policy, practice, and technology of addressing incident response and mitigation in a federated world.

Review of news sources and databases shows an increase in the number of both security incidents and affected institutions in the last year.

"When is higher education going to get serious about safeguarding the private information of students,
faculty, and staff?"

This is the final report for the 2007 NSF Cybersecurity Summit, held February 22 & 23rd, 2007, in Arlington, VA.

The higher education community faces increasingly difficult issues of security in a networked world, compounded by the demands of advanced applications. Performance requirements (high bandwidth, end-to-end transparency, new protocols) are essential for the academic mission and innovation, but are not easily accommodated in current approaches to network security. The Salsa group is forging new frontiers to address these issues.

The annual Campus Computing Survey focuses on IT security and crisis management, finding gaps in preparation but fewer attacks on networks.

The focus on information security at Embry-Riddle Aeronautical University, as in many institutions, has evolved gradually over a number of years. Beginning with what can best be described as ad hoc initiatives driven by afterthought oversight, the university's focus on information security is maturing into a formalized, integrated business component and directive.