Cyber Incident Reporting Procedure

Summary

New York State policy and SUNY System Administration require that SUNY campuses report information security incidents in a timely and formal manner so that other state entities may be informed and warned. This is an important and official duty that must be understood by information technology managers and technicians on each campus to ensure that reports are filed efficiently and completely in all circumstances.


Background

The New York State Office of Cyber Security and Critical Infrastructure Coordination (CSCIC) has issued two components of a "Cyber Security Policy." The first is Cyber Security Policy P03-001 (Cyber Incident Reporting Policy). The second is its companion policy.

The Cyber Incident Reporting Policy requires each SUNY campus to report cyber security incidents to the state. Although the policy directs agencies to report incidents to CSCIC, the SUNY procedure is to report incidents through System Administration whenever possible. The SUNY procedure provides contingencies for reporting incidents that occur outside of normal business hours and for problems with the established reporting procedure.

The SUNY procedure does not preclude a campus from reporting to, or working directly with, CSCIC during a cyber incident. CSCIC is a valuable resource and is able to work with campuses to assess the nature and extent of the incident and then assist with an incident response strategy for investigation, containment, mitigation and follow-up.


Scope

Hudson Valley Community College is required by New York State and SUNY System Administration to report information security incidents in a timely, formal manner. The following types of information security incidents should be reported.

Unauthorized Access:

  • Unauthorized access to a system that has been successful, such as a website defacement.
  • Unauthorized access to a system that has not yet been proven successful but that we believe may impact other state entities.
  • Persistent access attempts against a system, such as an automated script that continuously probes a web server and causes response problems.

Malicious Code

  • An instance of malicious code (Trojan horse, virus, worm) that has widespread impact or is adversely affecting one or more mission-critical systems.
  • An instance of malicious code that has been blocked by an email proxy or anti-virus software but that seems persistent and beyond currently known malicious code.

Denial of Service

  • A denial of service attack that has widespread impact or is adversely affecting one or more mission-critical systems.
  • Any other denial of service attack that is persistent or significant, such as an attack aimed specifically at our DNS systems.

Reconnaissance Scan or Probe

  • A scan or probe that precedes or is related to one of the incidents listed above should be reported as part of that incident.
  • Any other scan or probe that is persistent or significant, such as a stealthy scan that attempts to avoid detection.

Information security incidents that have widespread impact, that adversely affect mission-critical systems, that threaten protected or sensitive information, that are persistent, that are resistant to campus defenses, or that would provide valuable information to other state entities should be reported.

Information security events that are considered normal in a networked environment should not be reported. The following table lists examples of information security incidents that do and do not require reporting.

Examples of Reportable and Non-Reportable Information Security Incidents

Incident Type       Incident Description                                                                                                  Report
Access              An unknown person obtains access to electronic personnel files.                                                       Yes
Access              Access to electronic personnel files by an employee with read-only access but with no job requirement to access them. No
Malicious Code      An outbreak of a new, rapidly spreading virus.                                                                        Yes
Malicious Code      An outbreak of a known virus within a department or school.                                                           No
Denial of Service   A sustained denial of service attack against campus resources.                                                        Yes
Denial of Service   A serious network congestion problem caused by student peer-to-peer traffic.                                          No
Scan or Probe       An intrusion into the campus email server.                                                                            Yes
Scan or Probe       An intrusion into an individual's office computer.                                                                    No

Procedure

The following steps should be followed to determine whether an information security incident is reportable to SUNY System Administration and the New York State Office of Cyber Security and Critical Infrastructure Coordination (CSCIC).

  1. A college employee who believes they have identified an information security incident should report the incident to Instructional and Information Technology. The reported incident will be communicated to the appropriate Instructional and Information Technology supervisor. If the employee who believes they have identified the incident is a member of Instructional and Information Technology, the incident should be reported directly to the appropriate Instructional and Information Technology supervisor.
  2. After a preliminary investigation of the incident, the appropriate Instructional and Information Technology staff, the Instructional and Information Technology supervisor and the Chief Information Officer will determine whether the information security incident is reportable to SUNY and CSCIC.

The following steps should be followed by the appropriate Instructional and Information Technology supervisor or the Chief Information Officer in the event of an information security incident that is determined to be reportable to SUNY System Administration and the New York State Office of Cyber Security and Critical Infrastructure Coordination (CSCIC).

  1. Call the SUNY System Administration Customer Services Help Desk at (518) 320-1800.
    • Notify the SUNY Information Security Officer by briefly describing the incident.
    • Receive any updated details regarding the reporting procedure.
    • If necessary, request a new copy of the CSCIC Initial Report.
    • If necessary, receive instructions for password-protecting the CSCIC Initial Report.
  2. Email (password-protected) and fax the completed CSCIC Initial Report to SUNY System Administration at
    customer.services@suny.edu and (518) 443-5273. Convey the password by telephone rather than in the same email message, since a password sent alongside the attachment offers no protection.
  3. Email (password-protected) and fax the completed CSCIC Final Report to SUNY System Administration at customer.services@suny.edu and (518) 443-5273, respectively, once the incident has been resolved.

Contingencies

  • If you get voicemail when calling SUNY System Administration at (518) 320-1800, leave a brief message indicating your name, campus, a telephone number at which you can be reached and a brief description of the problem, and then call SUNY System Administration at (518) 443-5179 or (518) 443-5596.
  • If you get voicemail when calling SUNY System Administration at (518) 443-5179 or (518) 443-5596, leave a brief message and then send an email message to customer.services@suny.edu indicating that you have left messages at the appropriate telephone numbers and that you have an information security incident to report.
  • If the SUNY System Administration telephone system is not functioning, send an email message to customer.services@suny.edu indicating that you have an information security incident to report and including your name, campus, a telephone number at which you can be reached and a brief description of the problem.
  • If the information security incident occurs outside of normal business hours (evenings, weekends, holidays), or if two hours have passed without a response from SUNY System Administration, and if you need assistance in dealing with the incident or the incident is urgently important to other state entities, call or send an email message to the State CSCIC Office at (866) 767-4722 or irt@cscic.state.ny.us indicating that you have an information security incident to report and including your name, campus, a telephone number at which you can be reached and a brief description of the problem.

Initial Report

State Entity:

Reported by

Name:

Telephone:

Email:

Nature of Incident

Denial of Service

Malicious Code

Reconnaissance Scan and Probe

Unauthorized Access

Other (describe)

Location of Affected System(s)

Street Address:

Building/Room:

Details (e.g. virus name, event, etc.):

Date & Time of Occurrence:

Date & Time of Discovery:

How was the incident discovered?

Business Impact & Criticality (e.g. what information or services are affected?):

Additional Information:


Final Report

When the state entity is the primary response coordinator, the following information should be gathered during the investigation of the incident and reported to CSCIC when the incident is resolved.

Compromised System Details

Affected system(s) (operating system, software, release level, etc.):

Specify the nature of any accounts or information that were accessed or compromised:

Attack Source Details (e.g. source IP address, method of attack, etc.):

What actions were taken?

Isolation/Containment:

Investigation:

Remediation:

Planned Follow-up:

What was the overall impact of this incident?

Impact of service disruption:

Resources required to resolve the incident (staff time, consultants, etc.):