PROCEDURES
When a vulnerability is identified by the Security Team, they are authorized to take appropriate action to protect the resources and data of the university, including:
- Identify the user of record of the affected computer, from DNS registration information.
- Announce the vulnerability on the Network-Managers list and report the vulnerability to the user of record, stating a deadline by which a response must be received from the user.
- Define the actions required by the user to confirm that the vulnerability has been resolved before the deadline.
- Disable network access if a response has not been received by the deadline.
When an active compromise is identified by the Security Team, they are authorized to take appropriate action to protect the resources and data of the university, including:
- Immediately disable the network access of the affected computer to isolate the vulnerability or compromise.
- Identify the user of record of the affected computer, from DNS registration information.
- Contact the user of record to provide notification of the compromise and action taken.
- Define the actions required by the user to confirm that the compromise has been resolved before network access is re-enabled.
- Obtain access to the affected computer for forensic analysis of the vulnerability or compromise.
- Secure evidence from the affected computer to meet legal requirements and protect the university from liability.
The Security Team may provide in-depth audits of computers to assess their vulnerability at the request of the user or manager of the computers.
The Security Team should perform a more in-depth assessment of computers that are involved with important data to provide a greater level of security assurance.
The Security Team should be involved in detection of forgotten or unneeded Private Sensitive Information (PSI) on computers and servers as a means of encouraging greater care by all staff when working with PSI.