Final Report of the Computer Incident Factor Analysis and Categorization (CIFAC) Project: Volume I: College and University Sample
| Title: | Final Report of the Computer Incident Factor Analysis and Categorization (CIFAC) Project: Volume I: College and University Sample (ID: CSD4207) | | Author(s): | Virginia E. Rezmierski (University of Michigan-Ann Arbor) and Daniel M. Rothschild (University of Michigan-Ann Arbor) | | Topics: | Cybersecurity, Incident Handling and Response, Intrusion Detection and Prevention, Security Management | | Origin: | Higher Education Information Security Council (formerly the Security Task Force) (2005) | | Type: | Articles, Papers, and Reports | | Abstract: | This study provides information about 319 computer-related
incidents that occurred in 36 colleges and universities within the past two years. Researchers sought to bring a broader institutional focus to bear in the identification and management of computer-related incidents. Instead of the current definition of incidents which often focuses too heavily on technical vulnerabilities, researchers used a broader definition in identifying computer-related incidents to more realistically look at associated factors. Participants provided detailed information about each of the incidents. The data were analyzed to identify perceived cause, seriousness, recommended preventative actions, and the specific factors that were related to the occurrence of different types of incidents, people-focused, systems-focused, and data-focused incidents. Participants provided recommended best practices for preventing each of the incidents, for mitigating the effects of the incidents and for managing them. | | View this resource: | |
|
