Computing & Information Services, ISG, Brown University

Nov 20, 2013

Incident Handler Rpt & Corrective Action Plan
Current as of: 04/12/2012
cis.brown.edu/isg/forms


Computing & Information Services
ISG
Brown University
Box 1885
3 Davol Square
Providence, RI 02903
401.863.7266




INCIDENT HANDLER REPORT & CORRECTIVE ACTION PLAN
for Brown Compromised Systems


Although a determined person can access a protected machine if so desired, systems are generally compromised because they are somehow left vulnerable.


In order to minimize the number of compromised systems at Brown University, we are asking those who manage systems to document each incident and generate a simple plan to improve local processes so that the same type of incident does not recur.


The appropriate department personnel should complete the following INCIDENT HANDLER REPORT & CORRECTIVE ACTION PLAN for IT Security within 5 business days of the incident. The plan does not have to be implemented within 5 business days, but we do want to know what the implementation dates will be for the plan. At any time, an individual can contact IT Security or other CIS technical personnel to request assistance in developing their plan for going forward.


This exercise is meant to minimize risk to the department and to Brown, as well as to reduce the possibility that the same kind of incident will recur.


It is important to remember that a compromised system is often not isolated, and many times is used to scan and attack other machines on or off campus.


NOTE: PASSWORDS USED TO ACCESS AFFECTED MACHINES (OR APPLICATIONS FROM THE AFFECTED MACHINES) MUST BE CHANGED IMMEDIATELY.

(See Password Policy at www.brown.edu/cis/policy/password.php)

Section 1

Date and time of incident:

Department:

Date of Incident Notification (from CIS):

CIRT Ticket #:

Name of DCC or SysAdm:

Phone:

Department chair/head:

Phone:






Incident type: compromised machine / malicious code / policy violation / other

If other, please specify:

Work station used by: single-user / multi-users

Location:

Name(s) of user(s):

What is the machine’s function?








Was Brown Confidential Information stored on affected machine(s) and potentially "exposed" to unauthorized individuals or groups? Yes / No

If yes, what kinds of information?

A. PII requiring disclosure

B. PII not requiring disclosure

Describe information.

Note: If PII requires disclosure, please attach a copy of email completed (#3 on Incident Handler Checklist).









How was the machine compromised? (to the best of your knowledge)

Are there other systems that share a trust relationship with the compromised machine that we should be worried about? Yes / No

If yes, please describe.











Identified vulnerabilities: (underlying cause of incident)

Approximate cost of incident: (incl. hrs of labor)

Date of Corrective Action Plan: (submit within 5 days)

Person responsible for the plan:

Person responsible for the plan’s implementation:







Section 2

Steps to be taken (Attach other sheets as needed)    Dates

1.

2.

3.

4.

5.















Section 3

(Email routing may be used in lieu of hardcopy signatures)

Password Change(s) completed by:

Please Print Name
Date

Signature of Responsible Person
Date

Signature of Chief Information Security Officer (must be signed by CISO prior to Department Head signature)
Date

Signature of Department Head
Date


Section 4

(The following fields to be completed by the Director of IT Security)

Follow up meeting held with:

Date:

Status report title:

Completed on:

Written response prepared by:

Delivered on:

Problem resolved on:

Date: