That you are thorough, collect everything, do it in the proper and official manner, and that you do not tamper with or alter anything.
2. What precautions are necessary to preserve evidence state?
Usually, all of the evidence is duplicated several times, and every process involved in the investigation is carried out on the duplicates to ensure that the actual evidence isn't altered in any way.
3. How do you ensure evidence remains in its initial state?
It is duplicated and then stored in climate-controlled conditions.
4. What information and procedures are necessary to ensure evidence is admissible in court?
Whoever conducts the investigation does so in a previously mandated, official, and legally recognized manner.
Information Systems Security Incident Response Policy
I. Title
A. Name: Information Systems Security Incident Response Policy
B. Number: 20070103-secincidentresp
C. Author(s): David Millar (ISC Information Security) and Lauren Steinfeld (Chief Privacy Officer)
D. Status: Approved
E. Date Proposed: 2005-10-24
F. Date Revised:
G. Date Approved: 2007-01-03
H. Effective Date: 2007-01-16
II. Authority and Responsibility
Information Systems and Computing is responsible for the operation of Penn’s data networks (PennNet) as well as the establishment of information security policies, guidelines, and standards. The Office of Audit, Compliance and Privacy has authority to develop and oversee policies and procedures regarding the privacy of personal information. These offices therefore have the authority and responsibility to specify security incident response requirements to protect those networks as well as University data contained on those networks.
III. Executive Summary
This policy defines the response to computer security incidents.
IV. Purpose
This policy defines the steps that personnel must use to ensure that security incidents are
References:
1. PennNet Computer Security Policy at www.net.isc.upenn.edu/policy/approved/20040524-hostsecurity.html
2. Critical PennNet Host Security Policy at www.net.isc.upenn.edu/policy/approved/20000530-hostsecurity.html
3. Policy on Computer Disconnection from PennNet at www.upenn.edu/computing/policy/disconnect.html
4. Adherence to University Policy at www.hr.upenn.edu/policy/policies/001.asp
5. Policy on Security of Electronic Protected Health Information (ePHI) at www.upenn.edu/computing/security/policy/ePHI_Policy.html
Appendix I
The following category of incidents need not be reported to Penn Information Security:
* Unsuccessful network scans