Hi! I was actually wondering the same thing. While I was doing some research on it I found that these were among the more helpful sites. They don't spell out an exact policy per say, but they do define that we should contact abuse for the ISP of the attacker. Beyond that not much is really spelled out. I found the following the most helpful to me: http://security.msu.edu/ http://www.msu.edu/user/ncc/Documents/CyberSecurity/NCCCyberSec.pdf http://www.cj.msu.edu/~outreach/CIP/CIP.pdf http://cip.msu.edu/risk-assessment-worksheet.pdf Hope this helps! :) Missy On 7/6/05 12:29 PM, "Bryan Murphy" <[log in to unmask]> wrote: > In light of the recent HR intrusion I was wondering if the university had > any sort of policy or standard practice that they would like followed for > post incident response/forensics. > > I am currently developing my departments incident response procedures and > figured it would be a good idea for them to be inline with what the > university expects. > > Thank you.