Report

Computer Incident Handling Standard

RIT has created a process for handling computer incidents to ensure that each incident is appropriately resolved and further preventative measures are implemented.

Report a Computer Incident

Who does the standard apply to?

The standard primarily applies to administrators of RIT-owned or leased computing devices.
The standard also applies to users of personally-owned or leased devices should the incident involve RIT resources.

What is an incident?

Incidents include the following types of events:

Physical loss of a computing device (including storage devices)
Detection of unauthorized users accessing a computing device
Discovery of malware on a computing device
Discovery of critical vulnerabilities or improper configuration that could result in a breach of information

What do I have to do?

Everyone	If the incident involves the loss or theft of a device containing Private, Confidential or Operationally Critical information, you must immediately file a report with Public Safety.
Self-supported users	If the device contains Private, Confidential or Operationally Critical information, contact your support organization immediately. If the device does not contain Private, Confidential or Operationally Critical information, you can attempt to resolve the issue on your own.
Users supported by Systems Administrators	Contact the ITS HelpDesk if you cannot resolve the problem on your own. If they discover high risk threats, they will engage the Computer Incident Handling process Report any suspicious computer activity to your support organization. Anything from a drastic slowdown in computer performance to something as simple as the cursor moving around on its own constitutes suspicious activity.
System Administrators	Report the incident to the Information Security Office. Read and understand the Computer Incident Handling Standard and the process flow chart before an incident occurs! Quick action is essential to minimizing damage, so know what needs to be done ahead of time. Visit the Systems Administrators Resources page to find tools and additional information

Resources

Computer Incident Handling Flowchart

Computer Incident Handling Standard

Tags:

Phishing

Phishing is a form of social engineering where the attacker attempts to trick people into revealing private information by sending spoofed e-mails that appear to be from reputable companies. Phishing e-mails provide a link to a seemingly authentic page where you can login and reveal your username, password and other personal identifying information (PII)." Online scammers can then use this information to access your accounts, gather additional private information about you, and make purchases or apply for credit in your name.

General protection against phishing scams

Safe practices

NEVER RESPOND TO A REQUEST FOR YOUR PASSWORD sent by e-mail, even if the request appears legitimate. RIT will NEVER ask for your password through e-mail.
Do not provide identity information, including credit card numbers, when you receive an unsolicited e-mail or phone call.
Do not open attachments in unexpected or suspicious e-mails or instant messages.
Do not click anywhere on the e-mail—even in what may appear to be white space.
Delete the e-mail or instant message.
If the e-mail or instant message provides a link to a site where you are requested to enter personal information, it may be a phish. The real link may also be masked. Move your mouse over the link and it may show a different address than the one displayed in the e-mail.
Be selective in what sites you provide with your RIT e-mail address.

Technical solutions

Use a limited or non-administrator account when opening e-mail and browsing the Internet. A limited account will help protect you against many malware attacks. Finance and Administration (and some RIT colleges) already protect their users by giving them limited accounts.
Add an anti-phishing toolbar to Internet Explorer or Firefox. Anti-phishing toolbars help detect and may block known phishing sites. ITS is providing McAfee anti-phishing tools to ePO-managed users.

Spear Phishing

Spear phishing targets a specific person or group of people (usually within a specific organization or government agency). Spear phishing e-mails are tailored to match internal communications at the target organization and may even include personal details.

Phishing in Instant Messaging

Although most phishing occurs through e-mails, fraudsters have begun using instant messaging to pose as government officials and trick people into revealing identity information.

Report a phish

Current Phishing Scams

Millersmiles.co.uk is an Internet community that archives phishing scams. Visit them to check if a particular e-mail or website has been reported by others, or report it yourself.

Phishing Guides

Take the SonicWall Phishing IQ Test to see how good you are at identifying phishy e-mails!

Anti-Phishing Tools

Internet Explorer 7.x and higher, Safari 3.2 and higher, and Mozilla Firefox 3.x and higher all provide some protection against phishing. E-mail clients such as Microsoft Outlook 2007 and Mozilla Thunderbird 2 also include anti-phishing features, such as disabling suspicious links and blocking pictures and attachments. As of August 1, 2009, all RIT-owned and leased computers must have some form of anti-phishing controls in place.

We recommend the following browser tools to help you identify suspicious websites:

The Netcraft Toolbar is a browser plug-in available for Firefox on Windows, Mac, and Linux. The toolbar helps stop phishing attempts by blocking known phishing sites and providing hosting information about the sites you visit.
The McAfee Site Advisor is a browser plug-in available for Internet Explorer and Firefox. Site Advisor warns you of websites known to have malicious downloads or links by checking them against a database at McAfee.

Note: You should not install this version of McAfee Site Advisor on any RIT-owned computer currently running McAfee ePO. More information can be found here.

Tags: