Educause Security Discussion mailing list archives
Re: Outsourcing Forensics
From: "Mclaughlin, Kevin L (mclaugkl)" <mclaugkl () UCMAIL UC EDU>
Date: Tue, 29 Aug 2006 12:50:09 -0400
Hi All: In reference to this statement from Dan's response below: "- using an external firm helps eliminate the possibility of internal staff being pressured deliver findings that are not supported by data," Dan's comments are right on track but one watch out here is that hiring an External company does not ensure that you will receive findings supported by data. Without going into details I have been directly involved with incidents where the findings of an External provider were pushed in a certain direction by the CIO who was writing their paycheck. IMO - it boils down to: as part of the strategy for your department do you want to maintain the expense and training of having in-house forensic expertise or do you want to rely on an outsourcer to provide you with the data and trust that you are getting good data? Either way you have to trust someone, either someone who works directly for you or someone who works for an external company. My view is a bit prejudiced based on prior experience as a Special Agent and I am not comfortable outsourcing this potentially sensitive and damaging area to a 3rd party when I have the skills in-house to do the work. -Kevin Kevin L. McLaughlin CISSP, PMP, ITIL Master Certified Director, Information Security University of Cincinnati 513-556-9177 (w) 513-703-3211 (m) -----Original Message----- From: Daniel R Jones [mailto:Dan.Jones () COLORADO EDU] Sent: Tuesday, August 29, 2006 10:47 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Outsourcing Forensics As part of our incident response process we require external forensics if there is an incident involving "private data" (in our data classification scheme examples would be SSN, card holder information). There are several reasons for this: - if something does need to go to court we want the external expert, - using an external firm helps eliminate the possibility of internal staff being pressured deliver findings that are not supported by data, - in the case of card holder information you do not really have the choice but to use a PCIDSS certified forensics firm. In addition to making sure your processes define how a potential data breach would be handled I would also recommend that you have a policy requiring immediate notice to your equivalent of a security office whenever there is an incident involving sensitive data. Dan Jones Campus IT Security Office University of Colorado at Boulder ________________________________________ From: Bret R Blackman [mailto:bblackma () MAIL UNOMAHA EDU] Sent: Monday, August 28, 2006 1:12 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Outsourcing Forensics How many outsource their forensic work to a U.S. firm when there is an incident involving confidential information on their campuses? Bret R. Blackman University of Nebraska at Omaha Director of Administrative Information Services Information Technology Services, EAB 110 bblackma () mail unomaha edu
Current thread:
- Re: Outsourcing Forensics, (continued)
- Re: Outsourcing Forensics Drews, Jane E (Aug 28)
- Re: Outsourcing Forensics Delaney, Cherry L. (Aug 28)
- Re: Outsourcing Forensics Gary Flynn (Aug 28)
- Re: Outsourcing Forensics Russell Fulton (Aug 29)
- Re: Outsourcing Forensics Cam Beasley (Aug 29)
- Re: Outsourcing Forensics Samuel Liles (Aug 29)
- Re: Outsourcing Forensics Ken Connelly (Aug 29)
- Re: Outsourcing Forensics Daniel R Jones (Aug 29)
- Re: Outsourcing Forensics Jim Dillon (Aug 29)
- Re: Outsourcing Forensics Gary Flynn (Aug 29)
- Re: Outsourcing Forensics Mclaughlin, Kevin L (mclaugkl) (Aug 29)
- Re: Outsourcing Forensics Jim Dillon (Aug 29)