Crisis Communications for Security Issues: A Nightmare You Can Manage Marilu Goodyear Donna Liss Allison Rose Lopez Jenny Mehmedovic The University of.

Slides:

Advertisements

Similar presentations

IMPS Information Management and Policy Services Information Services Directorate A briefing for all University staff November 2004 New Information Legislation.

Advertisements

Culture Change: What IT Takes to Create a Quality Customer Service Environment Presented By: Anne Agee, Executive Director, Division of Instructional and.

What Does the Net Generation Expect From Us? SAC August 8, 2005 SAC August 8, 2005 Copyright © 2005, Joel L. Hartman. This work is the intellectual property.

While You Were Out: How Students are Transforming Information and What it Means for Publishing Kate Wittenberg The Electronic Publishing Initiative at.

Worcester Polytechnic Institute 1 Providing Technology Orientation for New Faculty and Staff Copyright © 2005 Worcester Polytechnic Institute This work.

Emergency Notification Systems - ISU Alert EDUCAUSE Midwest Regional ISU Alert Carol McDonald Information Systems Leader Information Technology.

Pace University Rebounding from the World Trade Center Disaster Copyright Barbara Cunningham, This work is the intellectual property of the author.

Making the Case for Security: An Application of the NIST Security Assessment Framework to GW January 17, 2003 David Swartz Chief Information Officer Guy.

© 2005 Notification and Reporting on Food Incidents: Irish Approach Food & Drugs Authority Bangkok Thailand Dorothy Guina-Dornan.

Copyright Jill M. Forrester This work is the intellectual property of the author. Permission is granted for this material to be shared for non- commercial,

CCSU’s E-portfolio Initiative and the IT Career Ladder Jo Kinnard, Ph.D. Clayton College and State University, Morrow, GA.

1 GRAND VALLEY STATE UNIVERSITY FAMILY EDUCATIONAL RIGHTS & PRIVACY ACT (FERPA) TRAINING OFFICES OF THE REGISTRAR AND UNIVERSITY COUNSEL JANUARY 20, 2009.

Educause Security 2007ISC Information Security Copyright Joshua Beeman, This work is the intellectual property of the author. Permission is granted.

Advancing Security Programs through Partnerships Cathy HubbsShirley Payne IT Security Coordinator Director for Security Coordination & Policy George Mason.

Password District Data Breach Exercise [District Name] [Date] [Logo]

UWM CIO Office A Collaborative Process for IT Training and Development Copyright UW-Milwaukee, This work is the intellectual property of the author.

Procurement From the 20 th to the 21 st Century Copyright Byron Honoré This work is the intellectual property of the author. Permission is granted.

1 I2 Security Professionals Workshop - May, 2004 Partnering for Success in the Security Discussion at Northeastern Gaining Traction through Influence Glenn.

INDIANAUNIVERSITYINDIANAUNIVERSITY Automated Network Isolation at Indiana University David A. Greenberg Information Technology Security and Policy Office.

Unraveling Web Development PRESENTERS: Bob Nakles and Paras Kaul, George Mason University.

Risk Assessment 101 Kelley Bradder VP and CIO Simpson College.

Copyright Marilyn Drury, Darrell Fremont, Doreen Hayek, This work is the intellectual property of the authors. Permission is granted for this material.

Security Issues on Campus: Government Initiatives Rodney J. Petersen University of Maryland Educause/Internet2 Security Task Force Copyright Rodney J.

Tales from the Trenches Copyright Long, Mitrano, McGovern, and Orr, This work is the intellectual property of the authors. Permission is granted.

EPR-Public Communications L-05

Center for Instructional Technology James Madison University Strategies for Transitioning to the Age of Digital Media Sarah E. Cheverton James Madison.

Intellectual Property Protocol and Assessment for Distance Learning Liz Johnson Project Manager Advanced Learning Technologies Board of Regents of the.

A Balanced Scorecard is a Process Not Numbers MID ATLANTIC EDUCAUSE 2005 Saint Michael’s College Bill Anderson – Chief Information Officer Billie Miles.

Page 1 Copyright Jill M. Forrester This work is the intellectual property of the author. Permission is granted for this material to be shared for.

Herding CATS: the Community of Academic Technology Staff Lou Zweier, Director CSU Center for Distributed Learning The California State University NLII,

Sharing Information and Controlling Content: Continuing Challenges for Higher Education Susanna Frederick Fischer Assistant Professor Columbus School of.

Ten Thing IT Staff Need to Know About Education Records Privacy Ten Things IT Staff Need to Know About Education Records Privacy Jeff von Munkwitz-Smith.

Purpose A crisis communication plan coordinates the communication within the organization, as well as between the organization and the media and the public.

Managing Intellectual Property for Distance Learning Liz Johnson Project Manager Advanced Learning Technologies Board of Regents of the University System.

Higher Education and the New International Imperative David Ward President American Council on Education Global Challenges and Higher Education Duke University.

Value & Excitement University Technology Services Oakland University Information Technology Strategic Planning Theresa Rowe October 2004 Copyright Theresa.

Responding to a Security Incident Maryland Security Day March 2, 2004 Joy Hughes, CIO

NERCOMP 2002 Ten Things IT Staff Need to Know About Education Records Privacy Jeff von Munkwitz-Smith University Registrar University of Connecticut.

Developing Professional Leaders Georgia Institute of Technology Linda A. Cabot, Director, ITS John Mullin, CIO, OIT Copyright Linda A. Cabot, This.

Developing an Issues Management Plan Poor Crisis Management NEW YORK (AP) -- Lingering images of passengers stranded at sea for days as toilets back.

Safeguarding Research Data Policy and Implementation Challenges Miguel Soldi February 24, 2006 THE UNIVERSITY OF TEXAS SYSTEM.

Copyright [Joan Getman and Lisa A. Stephens] [2008] This work is the intellectual property of the authors. Permission is granted for this material to be.

University and IT Policies: Match or Mis-match? Marilu Goodyear, Vice Provost for Information Services and CIO Jenny Mehmedovic, Coordinator of IT Policy.

Copyright [Dr. Michael Hoadley, Chat Chatterji, and John Henderson ] [2004]. This work is the intellectual property of the authors. Permission is granted.

Effective Distribution of Academically Licensed Software ©2008 Brent West. This work is the intellectual property of the author. Permission is granted.

A Strategy for Moving from Commercial to an Open Source Environment Jeshua Pacifici, GEDI Assistant Director and Learning Systems Consultant.

1 Effective Incident Response Presented by Greg Hedrick, Manager of Security Services Copyright Purdue University This work is the intellectual property.

Investing in Relationships The Alchemy of Strong Working Relationships in Enterprise Projects.

IT Security Challenges In Higher Education Steve Schuster Cornell University Copyright Steve Schuster This work is the intellectual property of.

EDUCAUSE 2003 Copyright Toshiyuki Urata 2003 This work is the intellectual property of the author. Permission is granted for this material to be shared.

Legal Issues in the “E-Learning Business” Jonathan Alger University of Michigan October 29, 2001 Copyright Jonathan Alger This work is the intellectual.

Educause Live! August 3, USA PATRIOT Act and Beyond: How Higher Education Institutions and Libraries are Cooperating and Coping Marilu Goodyear CIO.

Copyright © 2011 Rachel Fourny. This work is the intellectual property of Rachel Fourny. Permission is granted for this material to be shared for non-commercial,

1 Crisis Management and Communication Dr. Joy Smith and Ms. Robin Denny.

A Roadmap through State Education Networking and Interstate Cooperation: StateNets, I2-K20 Initiative, THE QUILT, State (K12) Technology Education Directors.

Quickly Establishing A Workable IT Security Program EDUCAUSE Mid-Atlantic Regional Conference January 10-12, 2006 Copyright Robert E. Neale This.

The Duluth Area CIO’s Consortium Collaborating with Regional IT Organizations Copyright Linda Deneen and Lynne Hamre, This work is the intellectual.

Chief Information Officer Effectiveness in Higher Education Wayne Brown, Ph.D. Copyright Wayne Brown This work is the intellectual property of the.

Copyright Michael White and Sylvia Maxwell, This work is the intellectual property of the author. Permission is granted for this material to be shared.

© Scottsdale Community College Leveraging the Power of E-Learning Taking your course to a higher level Presented by Sidne Tate Director, Instructional.

2 United States Department of Education, Privacy Technical Assistance Center 1 Western Suffolk BOCES Data Breach Exercise.

Strategic Communications Training Crisis Communications X State MDA 1.

Julian Hooker Assistant Managing Director Educause Southwest

Educause Learning Initiatives (ELI) January 20-22, 2009

Project for OnLine Instructional Support (POLIS)

myIS.neu.edu – presentation screen shots accompany:

An App A Day Copyright Tina Oestreich and Brian Yuhnke This work is the intellectual property of the author. Permission is granted for this material.

EDUCAUSE Networking 2002 Washington, D.C. April 17, 2002

Anatomy of a Common Cyber Attack

Presentation transcript:

Crisis Communications for Security Issues: A Nightmare You Can Manage Marilu Goodyear Donna Liss Allison Rose Lopez Jenny Mehmedovic The University of Kansas

Copyright Statement Copyright Marilu Goodyear, Donna Liss, Allison Rose Lopez, and Jenny Mehmedovic, This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright appears on the reproduced materials and notice is given that the copying is by permission of the authors. To disseminate otherwise or to republish requires written permission from the authors.

Important Elements of Response Planning Partnerships Communication But first … what happened?

The Incident Facts January 21, 2003 A technology staff member reports a compromise on the machine being used to compile SEVIS data for submission Immediately launched technical investigation The next day … Determined that the SEVIS test file had been taken as well as activity relating to movies and music

The Incident Facts File contained data from Student Information System extract matching on: Country of permanent address Presence of visa information Included some U.S. students due to mismatches 1,450 records with the following information: Name Student ID # SSN # Passport # Country of origin Visa status

Planning: Define Successful Outcomes Defined that our successful outcomes would be: 1. Protect and inform the students 2. University acts, and is viewed as, a responsible organization Gathered the right folks: Technical Staff Policy Staff Legal Counsel University Administration Public Relations

Successful Outcome 1: Protect and inform the students Partnerships Actions Student Body President Student Senate International Students Office Legal Services for Students Successes Students were involved and felt cared for No protests No lawsuits Lessons Learned Should have worked more closely with Legal Services for Students when preparing outgoing communications

Successful Outcome 1: Protect and inform the students Communications Actions Created informed team focused on incoming and outgoing communications with affected students They heard it directly from us We provided info + assistance Communication via & U.S. mail Open, frequent communication diffused student frustrations relatively quickly

Successful Outcome 1: Protect and inform the students Communications Successes Students had resources to get the information they needed They trust us more when we’re honest, even if they are frustrated They knew we were prepared and eager to help Should another incident occur, they have the expectation that we will communicate openly When dealing with potential fears, it’s better to communicate more rather than less Lessons Learned We should have been more aggressive in learning from the INS what their approach was going to be

Successful Outcome 2: University as a responsible organization Partnerships Actions Immediately contacted the INS, FBI, and the KU Public Safety Office Contacted the vendor Notified other IT professionals Gathered roundtable of administrators to address problem CIO & Deputy CIO Coordinator of IT Policy IT Public Relations Coordinator International Students Office Legal Counsel University Relations IT Security Officer

Successful Outcome 2: University as a responsible organization Partnerships Successes Assessed level of partner knowledge and know-how, and helped them look good Collaborative war-room model with all major players Did not shoot the messenger Kept the vendor name out of the press, and worked as partners Lessons Learned Your security office may know more than the FBI and Police Developed a fail-forward action plan Needed better communication with internal staff

Successful Outcome 2: University as a responsible organization Communication with the Media Actions Wrote a brief to ensure all participants received exactly the same version of events Went public within 24 hours Called press conference and started it with a strong statement from the university Brought informed student spokespeople to the press conference, so they were prepared to comment based on the facts Successes TV reporters are less likely to hunt for unknown students to fill news spots Timeliness is key to keeping coverage proportional to the incident

Successful Outcome 2: University as a responsible organization Communication with the Media Lessons Learned This is the time to use media contacts; choose the reporter when possible Pre-educate University Relations staff on the technical issues and language Law enforcement agents may not understand the technical issues, so be ready to educate them along the way The FBI has an equal interest in their own public image, and those interests may conflict with ours

Conscious communication: The (honest) underlying messages in quotes We know the facts, including which data were involved We acted quickly We are doing what we can to address the problem We are respectful of other people We are cooperating with law enforcement We accept responsibility for making it better We will continue to respect and value individual privacy, freedom of expression, academic inquiry, etc. We are providing information and/or assistance to those who were affected We sincerely regret any difficulties this may have caused you We are a responsible, competent organization

Recommendations Preparation activities Crisis communication plan Technical language – use precision Policy on whether and how to notify the affected individuals Protocol for working with University Relations, Legal Counsel, etc. Prepare communication materials After the fact Evaluate

Copyright Marilu Goodyear, Donna Liss, Allison Rose Lopez, and Jenny Mehmedovic, This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.