Since 2005, UB has been tracking the number of information
security incidents and classifying them.
Some milestones for UB have been:
- In 2005 UB became a member of REN-ISAC
- In 2006 we implemented ArcSight
These two events are notable for the following reasons:
- First, our membership in REN-ISAC alerts us to compromises of
which we would otherwise not be aware. There are a variety of
compromises that are generally detectable only at remote ends. For
example, botnet compromises would go largely undetected without
our relationship with REN-ISAC. The information sharing and trust
relationships that come with our membership have allowed us to
better secure our infrastructure.
- The second event, ArcSight, is notable because it allowed us to
correlate incident reports and events and automate much of their
processing, assignment and resolution. This allows us to respond
more rapidly to new compromises. In 2006 the statistics show a
large increase in incident detection as we turned on that
infrastructure. After 2006, incident volume began dropping off as
awareness and preventative measures grew.