Tuesday, February 8, 2011 - Almanac Vol. 57, No. 21
Know What to do if a Computer Security Incident Happens to You
If a computer security incident happens to you, don't panic. Penn has established a policy and infrastructure to support the appropriate response to security incidents. Penn's policy, the Information Systems Security Incident Response Policy, contains several components to ensure that computer security incidents are handled responsibly and that appropriate internal and external communication takes place.
The most important point to remember is that the policy requires that all Penn faculty, staff, consultants, contractors and students (and their respective agents) report "computer security incidents" to their local IT management, who in turn must notify ISC Information Security. A "computer security incident" is defined as any event that threatens the confidentiality, integrity, or availability of University systems, applications, data or networks. This definition is intended to cover, at a minimum, compromised machines, lost or stolen computing or storage devices, and outright theft or abuse of data.
Under the policy, an immediate response team is assembled in cases involving "confidential University data." The immediate response team investigates, contains, mitigates, and shares learning from computer security incidents. In certain cases, a senior response team is convened as well to address the need for any additional communications and actions.
The full text of the Information Systems Security Incident Response Policy can be viewed at www.net.isc.upenn.edu/policy/approved/20070103-secincidentresp.pdf