Those are useful but not completely what I was looking for. I was hoping to find a worksheet that can be filled out with corresponding procedures for a given operating system. Having looked at one of those documents ( http://www.msu.edu/user/ncc/Documents/CyberSecurity/NCCCyberSec.pdf) it appears that an effort had begun to produce such documents in 2002 but I was unable to find any follow ups. I will use the information I have gathered and continue creating these documents for my department. I have also received a number of direct emails requesting that I share any information I receive, so I will post a follow up to the NAG with links to the documents I produce for others to use as they like or to lend constructive criticism. Thanks to all who replied. On 7/7/05 10:59 AM, "Missy Koos" <[log in to unmask]> wrote: > Hi! > I was actually wondering the same thing. While I was doing some research on > it I found that these were among the more helpful sites. They don't spell > out an exact policy per say, but they do define that we should contact abuse > for the ISP of the attacker. Beyond that not much is really spelled out. > > I found the following the most helpful to me: > http://security.msu.edu/ > http://www.msu.edu/user/ncc/Documents/CyberSecurity/NCCCyberSec.pdf > http://www.cj.msu.edu/~outreach/CIP/CIP.pdf > http://cip.msu.edu/risk-assessment-worksheet.pdf > > Hope this helps! > > :) > Missy > > > On 7/6/05 12:29 PM, "Bryan Murphy" <[log in to unmask]> wrote: > >> In light of the recent HR intrusion I was wondering if the university had >> any sort of policy or standard practice that they would like followed for >> post incident response/forensics. >> >> I am currently developing my departments incident response procedures and >> figured it would be a good idea for them to be inline with what the >> university expects. >> >> Thank you. > > -- Bryan Murphy Computer/Network Coordinator Plant Research Labs and Plant Biology [log in to unmask] | [log in to unmask]