CIRT Charge

Background

Brown University's Computing and Information Services organization, as well as many others at Brown, have been adversely affected by the increase in number and the severity of malicious threats that have impacted the global computing community. These threats are delivered in many forms: malicious code (viruses, worms, trojans) and exploitation of undiscovered and unpatched software vulnerabilities (hacking), phishing, and improperly configured software or servers. In addition to loss or slowing of services and loss or theft of data, Brown University may be liable for damage to organizations that results from negligence in administrating Brown's networked devices.

Further, abuse of services for the distribution of unauthorized commercial email (improperly but commonly referred to as "spam") and unauthorized use and distribution of copyrighted material continues to expose Brown University to potential penalties as well.

CIS is working with the Brown community to implement reasonable IT policies and procedures to secure computing and information services and to adequately protect the data security, confidentiality, and accessibility of our networked information without significantly compromising intellectual freedom.

Responsibilities of CIRT

  1. Identify categories of malicious activity that threaten Brown University's computing infrastructure. These categories are constantly evolving. They include, but are not limited to, the following:
    • Denial of Service attacks
    • Rapidly spreading or highly virulent malicious code (viruses, worms, trojans)
    • Unauthorized utilization of services by Brown community members or others
    • Unauthorized access to protected computing and information services by Brown community members or others
    • Technical support for investigations approved by authorized Brown representatives, on behalf of the University
    • Spam outbreaks
    • Compromised accounts
    • Ongoing threats not yet defined
  2. Coordinate appropriate responses to counter malicious threats.
  3. Develop group-level response procedures so that there is archival documentation and clear understanding of roles across CIS and non-CIS groups.
  4. Periodically review processes utilized for Incident Response and make recommendations for improvements to the CIRT Director, as appropriate.
  5. Be aware of developing security issues affecting computing and information services.

Membership

The CIRT is composed of representatives (and their alternates) from several major groups within CIS:

CIS Group/Function

CIRT Members

CIRT Director David Sherry (Chief Information Security Officer)
Director of Infrastructure Services Linnea Wolfe
Network Technology Kevin DaSilva, Elvis Seth, Tim Wells, Doug Wilkinson
Desktop Systems & Services Steven McKay, Peter Tirrell
IT Service Center Michele Blanchette, Christine Brown, Kathy Dorion, Chris Grossi, Daisy Medeiros
Windows Systems Adam Chiodini, Tony Jaworski, Robert Mattei, Michael Rosendale
Unix Systems David Andrade, Paulo Baptista, Thomas DuVally, John Larsen, Robert Morse
Operations/Admin Paul Kelleher, David Rollins
Admin Systems Dave Clark, John Dick
Network Security Robert Fletcher
Information Security Communications Pat Falcon

Type of Incident

Incident Coordinators

Email-Borne Malware Robert Morse
Malware other than Email-Borne Peter Tirell
Network Issues Tim Wells
Power Issues David Rollins

Questions or comments to: ITPolicy@brown.edu

Effective Date: August 30, 2004
Last Reviewed: March, 2014