Desktop computer malware incident response reports

Phil Mocek filed this request with the Department of Information Technology of Seattle, WA.
Status: Completed

Communications

From: Phil Mocek

To Whom It May Concern:

Pursuant to RCW Ch. 42.56 (Public Records Act), I hereby request the following records:

All desktop incident response reports and associated metadata.

In a 2010-10-21 [presentation][1] by Seattle CISO Michael Hamilton, "Information Security Briefing ACCIS Fall 2010," on page 29 under the heading "Desktop Incident Response," in a "Malware Incident Response Flowchart" credited to David Matthews (then Seattle Deputy CISO, now Director of Incident Response at Expedia) it is stated that in the event of malware detection, after forensic analysis is complete, staff are to "create incident response report and deliver to OIS and affected department management and/or IT staff."

[1]: <http://www.kitsapregionalcouncil.org/library/KIT-NET/ACCIS-Fall-2010-Security.pdf>

Please do not create new records for me (e.g., by printing and scanning electronic documents), but provide originals.

I also request that, if appropriate, fees be waived as I believe this request is in the public interest. The requested documents will be made available to the general public free of charge as part of the public information service at MuckRock.com, processed by a representative of the news media/press and is made in the process of news gathering and not for commercial usage.

In the event that fees cannot be waived, I would be grateful if you would inform me of the total charges in advance of fulfilling my request. I would prefer the request filled electronically, by e-mail attachment if available or CD-ROM if not.

Thank you in advance for your anticipated cooperation in this matter. I look forward to receiving your response to this request within 5 business days, as the statute requires.

Sincerely,

Phil Mocek

From: Coppersmith, Megan

Mr. Mocek,

Thank you for contacting the City of Seattle. This acknowledges receipt of your public disclosure request of November 5, 2013 for "All desktop incident response reports and associated metadata."

I estimate that it will take until December 12, 2013 to locate and prepare the records regarding your request.

I will be in touch once your request is complete.

Thank you,
Megan

Megan Coppersmith
Public Information Advisor
City of Seattle Department of Information Technology
megan.coppersmith@seattle.gov
P: 206-233-8736
C: 206-430-0374

From: MuckRock.com

To Whom It May Concern:

I wanted to follow up on the following Freedom of Information request, copied below, and originally submitted on Nov. 5, 2013. Please let me know when I can expect to receive a response, or if further clarification is needed.

Thank you for your help.

From: Coppersmith, Megan

Mr. Mocek,

As indicated in my response on November 12, 2013 (see below), your response will be ready by December 12, 2013.

I will be in touch once your request is complete.

Thank you,
Megan

Megan Coppersmith
Public Information Advisor
City of Seattle Department of Information Technology
megan.coppersmith@seattle.gov
P: 206-233-8736
C: 206-430-0374

From: MuckRock.com

To Whom It May Concern:

I wanted to follow up on the following Freedom of Information request, copied below, and originally submitted on Nov. 5, 2013. Please let me know when I can expect to receive a response, or if further clarification is needed.

Thank you for your help.

From: Coppersmith, Megan

Dear Mr. Mocek:

On November 5, 2013 you submitted a records request to the Department of Information Technology (DoIT) for potentially responsive records. Our responsive record is attached to this email.

You requested the following:

"All desktop incident response reports and associated metadata."

Information that would provide access information to the City’s compromised computer’s IP address and computer name and the method used to detect these compromises has been redacted in the responsive record; however, the redacted information and the information that identifies the record is evident from the face of the record. This information is exempt under RCW 42.56.420(4), which exempts “Information regarding the infrastructure and security of computer and telecommunications networks, consisting of security passwords, security access codes and programs, access codes for secure software applications, security and service recovery plans, security risk assessments, and security test results to the extent that they identify specific system vulnerabilities, and other such information the release of which may increase risk to the confidentiality, integrity, or availability of agency security, information technology, infrastructure, or assets.” Providing this information could compromise the security of those systems and networks and increase their vulnerability to future attacks.

This satisfies your request and it will now be considered closed. If you have any questions, please feel free to contact me.

Sincerely,
Megan Coppersmith
