ks6+Pf&Ô,YnRi$M^~HH  JoE-ǹy&qbw/o~?޼ C1A1uw 92b$C i456ǂ:'rjyO$JZ&aًKlnD#ƹvfvIو',v=%$TNcdgEV5iWtg\8&О1r@Җ y>e3F\  C#B(jW/#8yDG802ê[[fTF o^ӆ[XO0)D䔜J=%$+9õ@h;loj[{f:Z4*gN:®!$Cʴ>6RhM X_Oyާί9ϩ4wGD3щfљEԀTW)e4e\֠Ә}*ӓX[1%v"*DD7k.Ml MLKݷIrǮ,JpP^1bxmGˁF9%n{?Z?86;3zeS֪M<3jB Mp`L%dNw^3 ddZP^<%E`ָ N# Zf\gnM3[KJ_'Ut=QpF gh+cjT:s!7ԞԚUY u+>nU{Z `|`27 uqI"ru"Mqv=C9cX;hc-Pffq P]=8" YS\1*)k>՝_}0t$^YZ1lq#l07N"n5+a8i^& "hUM zVCA+>qOZx,VsW4E IFrD`,POSJ#Xz+6h4om̅Ři8 5(A`jh7?9hDzCCPVA81@Fqk$麮5Gff^t:^BЊº(ƃs^"X`37MZ 3<2!nc *6GLkW,sC{Y2`: R10S"ӸSmXm!u5u=7 1@1}RS :޺CL惇?܄U?hnŀ\`E,Vwǵ>h?>3º_]B|NWyiZsw@EUPQM~]8.\:K̍pXl` ~ 47,HJ- .qe3- #4[Is0FW9jY2#̺PlQG A0@;9l7 KBBN@n?+,56f?+"w^ټoPK$w!8CoL'1^f$оn67ءUasb !eܘ쥫3}sZn`ChЪ6:*YR)uߔy2:&f&9+*uJHjƓ}XNjL8_ȘRu@cޑ7/^*~q 8l,=*֞߻ß~"pw>(A?ݣaFLK*?Ow 1$mj $jl׏V~`"WqlUfa_y5O]κ.ƾqg1F3r{ iٞ0OaU fZOsKU٧ 5QK4cb ffTtirrk%6Lss}wߕ)vHlN1f3<6"bSyr͜p"e:MFLL3yC15Z9,vo[q)mԨS ,xd4YR,ݫmF>;S]&apV+2KHq&y6]y @eQ9J?:;b}3ĭY!g\OTeCO*%qA2d#dp 5w|˷ĞUbI(L]{.Rɏ7'G7O>׼FjSvON`R$H'/z[H9 ,oFcSc>f,ɬ{ah/rnh?n4O==l>i*=$c'rR~HաjU0 єz \ܩ &@@q!?O5/G3(\۝UiZ|Wm^ި5P[< +yc"=C'\:E.|`*Mz1´h&b ̛\ 02/12/08, One Step Ahead - Almanac, Vol. 54, No. 21
Print This Issue

One Step Ahead
February 12, 2008, Volume 54, No. 21

One Step Ahead

Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy.

Know What To Do if A Computer Security Incident Happens to You

If a computer security incident happens to you, don’t panic.  Penn has established a policy and infrastructure to support the appropriate response to security incidents.  Penn’s policy, the Information Systems Security Incident Response Policy, contains several components to ensure that computer security incidents are handled responsibly and that appropriate internal and external communication takes place. 

The most important point to remember is that the policy requires that all Penn faculty, staff, consultants, contractors and students (and their respective agents) report “computer security incidents” to their local IT management, who in turn must notify ISC Information Security. A “computer security incident” is defined as any event that threatens the confidentiality, integrity, or availability of University systems, applications, data, or networks.  This definition is intended to cover, at a minimum, compromised machines, lost or stolen computing or storage devices, and outright theft or abuse of data. 

Under the policy, an immediate response team is assembled in cases involving “confidential University data.”  The immediate response team investigates, contains, mitigates, and shares learning from computer security incidents.   In certain cases, a senior response team is convened as well to address the need for any additional communications and actions. 

The full text of the Information Systems Security Incident Response Policy can be viewed at www.net.isc.upenn.edu/policy/approved/20070103-secincidentresp.pdf.


To receive weekly OneStepAhead  tips via email, send email to listserv@lists.upenn.edu with the following text in the body of the message:  sub one-step-ahead <your name>.

For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/.

Almanac - February 12, 2008, Volume 54, No. 21