The Office of Information Technology, partnering with Internal Audit, Georgia Tech Legal, and the Office of Human Resources, has developed a procedure that enables the Institute to respond to information security incidents in an organized, efficient, and consistent manner. Georgia Tech's Incident Response program is considered to be in a mature state. That is, our processes are well developed, the appropriate tools are available to investigate incidents, and the workflow exists to consistently involve appropriate departments during the appropriate phases of an investigation. Our current Incident Response capabilities include:
- Incident Identification & Containment
- Electronic Discovery
- Recovery of Deleted Material
- Malicious Software Analysis
- Forensic Quality Media Imaging
- Secure Storage of Evidence
- Dedicated Forensic Laboratory
- Counsel in the Restoration of Service & Operation
The Incident Response process is attached to the end of this roadmap. Additional details may be found here: http://www.audit.gatech.edu/sites/default/files/IAcollabrative2.pdf
- Sr. VP Finance Administration
- Director, Internal Audit
Victoria Anderson - Associate Director of Information Security
System Information and Metrics
Security IncidentsCategoryTypeData DisclosureIntrusionMalwareMisconfigurationPolicy ViolationGrand TotalLawn 188 260349Resnet/Eastnet11101 639742Unit 13381845114Grand Total116227189441205
Incidents requiring forensics analysis by Information Security: 55
- Updated Incident Process flow:
Goals for 2009-2010
- Adoption of Ethics Point workflow software for malfeasance and misfeasance incidents.
- Annual review and update the Incident Response workflow process and vet with Georgia Tech technical community.
- Operational review and update internal processes and tools for working Incidents.
- Analysis of tools, processes, and methods for conducting forensics on mobile devices, encrypted drives, and virtual hosts.
Projects to Support Goals - 2009-2010