[unisog] Security Incident Handling Procedure

Jenkins, Matthew mjenkins7 at fairmontstate.edu
Thu Mar 23 22:41:23 GMT 2006


I would be interested in seeing what you come up with.  I presented some basic steps to my director several months ago.  It was decided that we would shut down student ports if we knew their machine was infected.  However, in the end, students' parents complained, and we had to turn the ports back on.  We have since begun to better secure our student access ports utilizing protected ports and ACLs so that they do not infect each other and make the problems worse.

I would say that our number one threat was coming from viruses distributed by student access ports.  Second to that are viruses on faculty/staff workstations, which have been sparse thanks to desktop and e-mail virus and spyware/adware scanning.  I would bet that after we are done locking our student access ports and wireless access down, we will see viruses from students be much less of a threat.

We have yet to develop incident response procedures; however, I definitely think that every organization needs them.

I did a quick Google search and came across these links that may help:
http://www.sans.org/resources/policies/item7.pdf

http://www.mtech.edu/NetServe/Security_Policies/Incident%20Handling%20Procedures.htm

I found a few security-related resources on:
http://www.educause.edu/

Matt

Matthew Jenkins
Network/Server Administrator
Fairmont State University
304.367.4955
AOL: MLJenkinsCom  Yahoo: mljenkins  ICQ: 8116624  MSN
Visit us online at www.fairmontstate.edu
________________________________________
From: unisog-bounces at lists.sans.org [mailto:unisog-bounces at lists.sans.org] On Behalf Of Tim Lane
Sent: Thursday, March 23, 2006 5:17 PM
To: UNIversity Security Operations Group
Subject: [unisog] Security Incident Handling Procedure

Hi Folks,

I am developing a written procedure "IT Security Incident Handling" to be followed in the event of an incident (mainly virus outbreak or hacking event).

Just wondered if anyone has already been down this track and has some developed procedure that they might like to share???

Thanks,

Tim
Tim Lane
Information Security Program Manager

Information Technology and Telecommunication Services
Southern Cross University
PO Box 157 Lismore NSW 2480

P02 6620 3290        02 6620 3033      tlane at scu.edu.au
t http://www.scu.edu.au 


