August 24, 2011


SUBJECT:    REMINDER-Reporting Security Incidents to the Computer Incident
Response Team (CIRT)

As we start the new school year, it is timely to remind you about the UCSD Computer Incident Response Team (CIRT). The CIRT investigates and helps resolve computer security incidents for the entire UCSD community. A security incident occurs when an unauthorized entity gains access to UCSD computing or network services, equipment or data. This team assists a department in knowing when an incident requires individual notification and when an incident has not affected private information. Because computer security is part of UCSD's risk management portfolio, departments with internal computer incident response teams are still required to contact the CIRT in case of incident. The CIRT will work closely with your own security team to investigate the incident.

As a reminder, contact the CIRT when:

. You detect or get a report of a physical or criminal act, such
  as theft of a laptop, desktop computer, or PDA.

. A law enforcement representative contacts the University
  regarding a security incident.

. You or your computing staff suspects that a computer or other
  network device may have been compromised to allow the viewing,
  transferring, or alteration of student data, personal
  information, and medical data managed under HIPAA, or other
  legally regulated data.

. You or your computing staff suspects a security problem with a
  desktop workstation and the person using the workstation:

o Works with personnel or financial data
o Connects to UCSD business databases (because the
  password may have been revealed, exposing this data)
o Works with personal information used for
  medical services or human subjects
o Submits student grades

. You or your computing staff suspects that a multi-user
  machine, a file, or a Web server may have been jeopardized.

What to do:

. Don't touch the machine or system. Do not turn off the
  machine, remove the machine from the network or look at the
  system to see what files are on it, or what might have been
  touched. All these acts can disturb the forensic information
   the CIRT needs to discover what was viewed.

. Contact or the ACT Help Desk, / (858) 534-1853 immediately.

Additional information regarding CIRT and other pertinent security information can be found at

Charlotte Klock
Chief Information Security & Privacy Officer