
NORS -- CSRIC Best Practices Result

Detailed Information for the Best Practice: 9-8-8923

Number 9-8-8923
Priority Critical
Description Measures to Protect Privacy in Botnet Response:
In designing technical measures for identification, notification, or other response to compromised end-user devices (“technical measures”), ISPs should pursue a multi-prong strategy to protect the privacy of customers’ information, including but not limited to the following:
a) ISPs should design technical measures to minimize the collection of customer information;
b) In the event that customer information is determined to not be needed for the purpose of responding to security issues, the information should promptly be discarded;
c) Any access to customer information collected as a result of technical measures should at all times be limited to those persons reasonably necessary to implement the botnet-response security program of the ISP, and such individuals’ access should only be permitted as needed to implement the security program;
d) In the event that temporary retention of customer information is necessary to identify the source of a malware infection, to demonstrate to the user that malicious packets are originating from their broadband connection, or for other purposes directly related to the botnet-response security program, such information should not be retained longer than reasonably necessary to implement the security program (except to the extent that law enforcement investigating or prosecuting a security situation, using appropriate procedures, has requested that the information be retained); and
e) The ISP’s privacy compliance officer, or another person not involved in the execution of the security program, should verify compliance by the security program with appropriate privacy practices.
Network Type(s) Internet/Data
Industry Role(s) Service Provider
Keyword(s) Cyber Security; Encryption; Information Protection; Intrusion Detection
Reference/Comments Note that the Best Practices in this grouping are primarily aimed at ISPs that provide service to consumer end-users on residential broadband networks, but may be applicable to other users and networks as well.