Final Report of the Computer Incident Factor Analysis and Categorization (CIFAC) Project: Volume I: College and University Sample

Published:: Saturday, January 1, 2005
: Briefs, Case Studies, Papers, Reports

Author(s) and Contributors:: Author(s): Ginny Rezmierski Daniel Rothschild

Source(s) and Collection(s):: Sources(s): Higher Education Information Security Council (HEISC)

ParentTopics:: Cybersecurity Incident Management and Response Intrusion Detection and Prevention Security Management

Abstract

This study provides information about 319 computer-related incidents that occurred in 36 colleges and universities within the past two years. Researchers sought to bring a broader institutional focus to bear in the identification and management of computer-related incidents. Instead of the current definition of incidents which often focuses too heavily on technical vulnerabilities, researchers used a broader definition in identifying computer-related incidents to more realistically look at associated factors. Participants provided detailed information about each of the incidents. The data were analyzed to identify perceived cause, seriousness, recommended preventative actions, and the specific factors that were related to the occurrence of different types of incidents, people-focused, systems-focused, and data-focused incidents. Participants provided recommended best practices for preventing each of the incidents, for mitigating the effects of the incidents and for managing them.

Download Resources

Download PDF