ITS Information Security & Privacy
Public Advice
Information Security Advice
(ISO § 6.1.2.f, § 8.2.2)
The following is provided to assist the public with the protection and safe handling of information.
Risk Management
(ISO § 4)
"The world is a dangerous place, not because of those who do evil, but because of those who look on and do nothing." - Albert Einstein
Vigilance - Is my information or privacy in danger?
Assess the Risk - Identify potential vulnerabilities in your computer and threats to your information on a continuing basis by monitoring the following and similar sites.
Security Alerts
Security News
Perspectives
Consider making http://www.bgsu.edu/infosec/ the default home page for your web browser.
Deterrence - How do I protect my information?
Manage the Risk - Security (the freedom from harm) is achieved through a disciplined process of avoiding risky behavior, applying appropriate controls, knowingly and objectively accepting safe levels of risk, and promptly reporting incidents or security weaknesses for investigation.
Security Disciplines
Report Incidents
Recovering From a Security Breach
(ISO § 13.2)
Once a breach of security occurs, compromising a computer system or information, it is too late for vigilance or deterrence. A disciplined recovery, however, can improve a bad situation.
Response - What do I do first?
Containment - The longer a compromised computer remains on the network, the greater the potential for harm. Immediately remove it from the network to disable the attacker's ability to control it and to reduce the potential volume of information exposed. Cease using the computer to prevent loss of valuable forensic evidence.
Take Notes - Prepare to take notes, with date and time, of all prior and subsequent actions and who was involved.
Initial Notification - Contact law enforcement or an authorized information security department for further instructions. Notify the Internet Service Provider immediately, and ask that any relevant information be retained for further investigation by law enforcement, upon request.
Preservation of Evidence - It is likely that the original hard drive(s) will need to be turned over to authorities for evidence and forensic investigation. Under the direction of law enforcement or the information security department, collect evidence such as log files and audit trails, not just from the affected computer but also from network devices within your control. Law enforcement can issue subpoenas to obtain information from the Internet Service Provider as necessary. Do not re-use or overwrite any backup media, as it might contain additional evidence.
Recovery - How do I get back in operation?
System Restore - It will be necessary to restore your hard drive(s) from backups, if you are certain that a prior backup is not also compromised. If you do not have a backup, it is possible for law enforcement to professionally copy the original hard drive without disturbing the content; however, the drive must not be used as is. A new system must be built on a fresh hard drive and necessary files recovered from the copy of the original drive.
Investigation - Determine the exact cause of the compromise and contributing factors.
Breach Notification - Individuals should contact relevant banks, credit card companies, or other appropriate agencies if sensitive information was exposed. Organizations should contact customers. If customers are residents of states with breach notification laws, or if information is protected by state and federal regulations, consult legal representation for the appropriate course of action. Organizations might also be required to notify regulating authorities.
Corrective Action - Following the investigation, correct the root causes of the breach, and adopt the essential security disciplines described above.
Additional Information, Advice, and Support
CIO - Office of the Chief Information Officer
Technology Support Center - Central point of contact for faculty and staff questions, problem reports, service requests and inquiries for University computer systems and communications technologies at BGSU
Bowling Green State University incorporates the ISO/IEC 17799:2005 Code of Practice for Information Security Management. References to ISO section numbers facilitate Plan organization and assessment.