ITS Information Security & Privacy

Employee Advice
 
 

Information Security Advice (ISO § 6.1.2.f, § 8.2.2)

The following is provided to assist BGSU faculty, staff, and student employees with the protection and safe handling of information on University computer systems and the University network.


Risk Management  (ISO § 4)

The world is a dangerous place, not because of those who do evil, but because of those who look on and do nothing. - Albert Einstein

An ounce of prevention is worth a pound of cure. - Benjamin Franklin

Executive Overview
 

Map (PDF) - a graphical way to navigate the BGSU InfoSec web site, within the context of strategic risk management practices.

Vigilance - Is any BGSU information vulnerable?

Assess the Risk - On a continuing basis, identify changes in the IT environment, potential vulnerabilities with your computer, and threats to University information by monitoring the following and similar sites.

Mission, Policies, & Regulations
Organization Plans & Capabilities
Best Practices
Security Vulnerabilities, Threats, & Alerts
Security News
Perspectives
Technology Trends

Consider making http://www.bgsu.edu/infosec/ the default home page for your web browser. The scrolling marquee will alert you to significant threats that could impact the campus.

Deterrence - How do I protect sensitive University information?

Manage the Risk - Security (the freedom from harm) is achieved through a disciplined process of avoiding risky behavior, applying appropriate controls, knowingly and objectively accepting safe levels of risk, and promptly reporting incidents or security weaknesses for investigation.

Security Disciplines (PDF)
Report Incidents


Recovering From a Security Breach  (ISO § 13.2)

'Tis easy to see, hard to foresee. - Benjamin Franklin

We can't solve problems by using the same kind of thinking we used when we created them. - Albert Einstein

Once a breach of security occurs, compromising a computer system or information, it is too late for vigilance or deterrence.


Weaknesses in the risk management processes surrounding the affected information may have contributed to an exploit.  Perhaps customers preferred more convenient or lower cost services that were easily exploited.


Nonetheless, a disciplined recovery can improve a bad situation.

 

Response - What do I do first?

Contact the Information Security & Privacy Office immediately, to set the following processes in motion as appropriate:

Containment - The longer a compromised computer remains on the network, the greater the potential for harm. Immediately remove it from the network to disable the attacker's ability to control it and to reduce the potential volume of information exposed. Cease using the computer to prevent loss of valuable forensic evidence.

Take Notes - Prepare to take notes, with date and time, of all prior and subsequent actions and who was involved.

Initial Notification - Contact law enforcement or the authorized information security department for further instructions. Notify the Internet Service Provider immediately, and ask that any relevant information be retained for further investigation by law enforcement, upon request.

Preservation of Evidence - It is likely that the original hard drive(s) will need to be turned over to authorities for evidence and forensic investigation. Under the direction of law enforcement or the information security department, collect evidence such as log files and audit trails, not just from the affected computer but from network devices within your control. Law enforcement can issue subpoenas to obtain information from the Internet Service Provider as necessary. Do not re-use or overwrite any backup media, as it might contain additional evidence.

Recovery - How do I get back in operation?

System Restore - It will be necessary to restore your hard drive(s) from backups, provided you are certain that a prior backup is not also compromised. If you do not have a backup, it is possible for law enforcement to professionally copy the original hard drive without disturbing the content; however, the drive must not be used as is. A new system must be built on a fresh hard drive and necessary files recovered from the copy of the original drive.

Investigation - Determine the exact cause of the compromise and contributing factors.

Breach Notification - Individuals should contact relevant banks, credit card companies, or other appropriate agencies if sensitive information was exposed. Organizations should contact customers. If customers are residents of states with breach notification laws, or if information is protected by state and federal regulations, consult legal representation for the appropriate course of action. Organizations might also be required to notify regulating authorities.

Corrective Action - Following the investigation, correct the root causes of the breach, and adopt essential security disciplines described above.


Additional Information, Advice, and Support

CIO - Office of the Chief Information Officer

Technology Support Center  - central point of contact for faculty and staff questions, problem reports, service requests and inquiries for University computer systems and communications technologies at BGSU

Bowling Green State University incorporates the ISO/IEC 17799:2005 Code of Practice for Information Security Management. References to ISO section numbers facilitate Plan organization and assessment.
 
 