Notification Policy for Security Incidents
As part of our notification process, the email group abuse@lsa.umich.edu will be set up (and aliased as appropriate) by Mark Montague. Members of this group will include:
Chris Brenner, Karen Pachla (LSA-SST UNIX), Mark Weishan, Ron Loveless, LSA HelpDesk. Other schools and University-wide notification groups will be updated about this College-level system notification group (Karen Pachla has the full list of those groups to be informed; be sure to include umnet_admins).
Overall Considerations
In the event of a network security violation the basic steps should be:
- Disconnect the workstation from the network
- Neutralize the threat based upon your technical expertise
- Inform LSAIT's SST-Windows and/or SST-Unix group as appropriate
- Either DSA and either, or both, SST divisions will investigate as time/resources allow (do we want a statement in here from each SST division about what they expect to follow up on? E.g., Ron = multiple machines or depts. And we are mostly concerned about build machines? Mark = all incidents)
- Notify law enforcement (still checking SPG on this; nothing found to date 10/10/01)
- Notify other campus information service providers about incident and resolution if appropriate
Notification re: Network Security from outside of LSA
Notification of a system problem from outside of the College should go to the email group mentioned above.
The first individual to receive the notification should respond to the list to "claim" the problem. They should notify the DSA of the affected department or the Manager of CSG as appropriate. [Should this person also contact the Help Desk so the call is logged?]
The CSG technician or the DSA that is notified will be expected to follow the steps outlined in the following section keeping in mind the overall considerations as discussed above.
Notification re: Network Security from within LSA
If the problem is discovered by a DSA they should:
- Call CSG
- CSG/Help Desk should log the call
- Help Desk should be trained to respond by instructing the DSA to:
  - unplug the machine
  - mark it as infected/violated so it isn't used
  - notify LSA-SST-NT or LSA-SST-Unix as appropriate based on OS