OFFICE OF CHIEF INFORMATION SECURITY & PRIVACY OFFICER
August 24, 2011
ALL ACADEMICS AND STAFF AT UCSD
SUBJECT: || REMINDER-Reporting Security Incidents to the Computer Incident|
Response Team (CIRT)
As we start the new school year, it is timely to remind you about the
UCSD Computer Incident Response Team (CIRT). The CIRT investigates and
helps resolve computer security incidents for the entire UCSD
community. A security incident occurs when an unauthorized entity gains
access to UCSD computing or network services, equipment or data. This
team assists a department in knowing when an incident requires
individual notification and when an incident has not affected private
information. Because computer security is part of UCSD's risk management
portfolio, departments with internal computer incident response teams
are still required to contact the CIRT in case of incident. The CIRT
will work closely with your own security team to investigate the
As a reminder, contact the CIRT when:
. You detect or get a report of a physical or criminal act, such
as theft of a laptop, desktop computer, or PDA.
. A law enforcement representative contacts the University
regarding a security incident.
. You or your computing staff suspects that a computer or other
network device may have been compromised to allow the viewing,
transferring, or alteration of student data, personal
information, and medical data managed under HIPAA, or other
legally regulated data.
. You or your computing staff suspects a security problem with a
desktop workstation and the person using the workstation:
o Works with personnel or financial data
o Connects to UCSD business databases (because the
password may have been revealed, exposing this data)
o Works with personal information used for
medical services or human subjects
o Submits student grades . You or your computing staff suspects that a multi-user
machine, a file, or a Web server may have been jeopardized.
What to do:
. Don't touch the machine or system. Do not turn off the
machine, remove the machine from the network or look at the
system to see what files are on it, or what might have been
touched. All these acts can disturb the forensic information
the CIRT needs to discover what was viewed.
. Contact firstname.lastname@example.org or the ACT Help Desk,
email@example.com / (858) 534-1853 immediately.
Additional information regarding CIRT and other pertinent security
information can be found at http://blink.ucsd.edu/go/cirt.
Chief Information Security & Privacy Officer