Related Links
 How to Report a Computer Security Incident
 Menu: Security
 Departments
 ACS
 ACT

 Blink Home > Technology > Computer Incident Response Team (CIRT) Process
Make Blink yours!
 · Activate personalization
 · Learn about MyBlink
Get what you wanted?
yes no Comments

EmployeeLink This system is working normally. If you experience any problems, please report them to the ACT Help Desk at (858)534-1853
FinancialLink This system is working normally. If you experience any problems, please report them to the ACT Help Desk at (858)534-1853
TritonLink This system is working normally. If you experience any problems, please report them to the ACT Help Desk at (858)534-1853
TravelLink This system is working normally. If you experience any problems, please report them to the ACT Help Desk at (858)534-1853   |  More...

At Your Service Online
    Via Single Sign-On
    Via AYSO password
MyApprovals
MyBlink
MyDashboard
MyDirectory
MyEffort
MyFunds
MyLeaveBalances
MyTime
MyTraining
MyTravel    |   Info ...
News and events
UCSD News
This Week @ UCSD
UCSD Calendar of Events
Staff Ed classes
Find What's New
Find the most recent articles by topic.
UCSD News & Information
UCSD Events Calendar
Blink online glossaryOnline glossary
Stumped by a word on Blink? Look it up!
Blink e-mail reminders Reminder Service
Blink can remind you of important events.
Department Index
Computer Incident Response Team (CIRT) Process  
 
Summary: Find out how CIRT helps UCSD manage computer security risks.

The Computer Incident Response Team (CIRT) investigates and resolves computer security incidents. A security incident occurs when an unauthorized entity gains access to UCSD computing or network services, equipment or data.
  • If you suspect a violation of your computer's security, contact your department's computer or technical support person immediately.
  • If you are a system administrator and need to report an incident, follow the directions on How to Report a Computer Security Incident.
The CIRT process begins when a system administrator reports a possible security incident. It includes these steps:
  1. Isolating the compromised system from the network: The machine is isolated unless network connections can help determine the extent and nature of the incident.

  2. Preserving the evidence: To prevent destruction of evidence and maximize chances of identifying the intruder, no interaction with the machine will occur until the CIRT team is in place.

  3. Setting up the CIRT team: The CIRT contact and the reporting system administrator set up an incident handling team if the situation merits further attention. The team, under the guidance of the CIRT contact:
    • Investigates the extent and type of occurrence and determines, possibly with disk imaging and analysis, if it is a security incident. If it is, the team contacts law enforcement, UCSD general counsel, and appropriate campus executives.
    • Works with the system administrator and law enforcement to collect proper evidence, in keeping with the UC Electronic Communications Policy (ECP), and determines the impact of the incident.
    • Meets with CIRT and law enforcement to generate an official report for UCSD's top management. The report outlines the type and extent of the incident and lists actions required and recommended to mitigate future incidents.

  4. Cleaning up and restoring the system: This process begins after the official report is filed.

  5. Notifying the impacted department or equipment owner: This takes place as required by the ECP unless law enforcement indicates it will interfere with the investigation. The manager of campus electronic communications support provides advice on ECP notification requirements and process.

  6. Evaluating how the situation was handled: After the required notification, the CIRT and incident handling team evaluate the response and notification process.

Questions? Contact CIRT.

  Print
Print this page		   Email
Share this page		   Add to MyBlink
Save this link		   Get notified when this page is updated
Notify on change		   Add a sticky note to this page
Add a note		  
Last reviewed/updated on Oct. 06, 2006 (see more info)
Blink A-Z Index:   0-9  A B C D E F G H  I  J K L M N O P Q R S T U V W X Y Z 


Blink Home  Site Map  Help  Accessibility Tips  Privacy Statement  Content Manager  RSS Feed 


Copyright ©2008 Regents of the University of California. All rights reserved.
Official Web Page of the University of California, San Diego

Blink version 1.7 12-17/2007 Blink Usability Group