InfoSec Governance and IR Consultation

$15-25 USD / hour

Closed

Posted 9 days ago

$15-25 USD / hour

I am seeking a professional consultation to evaluate and potentially challenge a significant failure in Information Security governance and Incident Response (IR) at a major R1 university. I am currently navigating a situation involving a persistent, log-evasive intrusion where the institution has leveraged the significant power asymmetry inherent in large bureaucracies to circumvent accountability. I am looking for CISO-level expertise to dismantle a "no record found" defense that was manufactured through intentional administrative delay. **The core pillars of this case include:** * **Failure of Notice:** The institution was provided with explicit, immediate notice of a breach and data loss on 11/27. Despite this "on-notice" status, they remained unresponsive for **150 days**, allowing the forensic window to expire. * **Administrative Misclassification:** Following a formal escalation, the Executive Office misrouted the technical security report to a wellness-focused **"Student Advocacy"** division—a clear departure from NIST SP 800-61 standards. * **Refusal of Forensic Baselines:** The CISO’s office has dismissed high-fidelity technical indicators (including segment hopping and live data purging) and refused to provide a **managed, monitored device** to establish a forensic baseline, relying instead on server-side logs they allowed to age out. I am particularly interested in your help to address the **Administrative Attrition** at play here. The university is currently taking advantage of the time and financial burden required for an individual to procure independent forensic oversight. I require assistance in drafting a formal rebuttal to the University’s General Counsel that frames these failures as **Administrative Spoliation** and a breach of the **Duty of Care.** I have a documented paper trail—including the initial 11/27 notice and the subsequent "Wellness" referral—and would appreciate a brief initial discussion to see if you can provide the expert oversight needed to hold this institution to industry standards.

Certified Information Systems Security Professional (CISSP)

Project ID: 40367350

About the project

6 proposals

Remote project

Active 9 days ago

Looking to make some money?

Email address

Benefits of bidding on Freelancer

Set your budget and timeframe

Get paid for your work

Outline your proposal

It's free to sign up and bid on jobs

6 freelancers are bidding on average $27 USD/hour for this job

@tangramua

Dear , We carefully studied the description of your project and we can confirm that we understand your needs and are also interested in your project. Our team has the necessary resources to start your project as soon as possible and complete it in a very short time. We are 25 years in this business and our technical specialists have strong experience in Computer Security, Technical Writing, Compliance, Risk Management, Certified Information Systems Security Professional (CISSP), Legal Consultation and other technologies relevant to your project. Please, review our profile https://www.freelancer.com/u/tangramua where you can find detailed information about our company, our portfolio, and the client's recent reviews. Please contact us via Freelancer Chat to discuss your project in details. Best regards, Sales department Tangram Canada Inc.

$30 USD in 5 days

0.0

(0 reviews)

0.0

@farazpak

Dear Sir/Madam, I am a Google, Microsoft, IBM, Apple Certified Cyber Security Consultant with extensive experience in Information Security governance, Incident Response (IR), and forensic analysis. I understand the seriousness of your case and the complexities involved when institutional processes are used to obscure accountability. Based on your description, the situation reflects critical failures in incident response timelines, governance, and evidence preservation, particularly concerning NIST SP 800-61 standards. I can assist you in professionally structuring a technical and governance-based rebuttal that highlights: Failure of timely response and loss of forensic evidence window Misclassification of a security incident into non-technical channels Refusal to establish forensic baselines and reliance on expired logs Indicators of administrative spoliation and breach of duty of care My approach combines technical expertise with clear, defensible documentation suitable for legal and executive audiences. I will review your evidence trail, align findings with industry standards, and draft a strong, fact-based rebuttal to the University’s General Counsel. Additionally, I can guide you on establishing independent forensic validation strategies despite institutional resistance, ensuring your case is technically sound and professionally presented. I am available for an initial discussion to assess your documentation and define the best course of action. Warm Regards, Faraz Ahmad

$18 USD in 40 days