CIRT Charge
Background
Brown University's Computing and Information Services organization, as well as many others at Brown, have been adversely affected by the increase in number and the severity of malicious threats that have impacted the global computing community. These threats are delivered in many forms: malicious code (viruses, worms, trojans) and exploitation of undiscovered and unpatched software vulnerabilities (hacking), and improperly configured software or servers. In addition to loss or slowing of services and loss or theft of data, Brown University may be liable for damage to organizations that results from negligence in administrating Brown's networked devices.
Further, abuse of services for the distribution of unauthorized commercial email (improperly but commonly referred to as "spam") and unauthorized use and distribution of copyrighted material continues to expose Brown University to potential penalties as well.
CIS is working with the Brown community to implement reasonable IT policies and procedures to secure computing and information services and to adequately protect the data security, confidentiality, and accessibility of our networked information without significantly compromising intellectual freedom.
Responsibilities of CIRT
- Identify categories of malicious activity that threaten Brown
University's computing infrastructure. These categories are constantly
evolving. They include, but are not limited to, the following:
- Denial of Service attacks
- Rapidly spreading or highly virulent malicious code (viruses, worms, trojans)
- Unauthorized utilization of services by Brown community members or others
- Unauthorized access to protected computing and information services by Brown community members or others
- Technical support for investigations approved by authorized Brown representatives, on behalf of the University
- Ongoing threats not yet defined
- Coordinate appropriate responses to counter malicious threats
- Develop group-level response procedures so that there is archival documentation and clear understanding of roles across CIS and non-CIS groups
- Periodically review processes utilized for Incident Response and make recommendations for improvements to the CIRT Director, as appropriate
- Be aware of developing security issues affecting computing and information services
Membership
The CIRT is composed of representatives (and their alternates) from several major groups within CIS :
| CIS Group | CIRT Members |
| CIRT Director | David Sherry (Chief Information Security Officer) |
| Director of Infrastructure Services | Linnea Wolfe |
| Network Technology | Kevin DaSilva, Elvis Seth, Tim Wells, Doug Wilkinson |
| Desktop Systems & Services | Steven McKay, Peter Tirrell |
| Help Desk | Michele Blanchette, Christine Brown, Kathy Dorion, Chris Grossi |
| Windows Systems | Adam Chiodini, Tony Jaworski, Robert Mattei, Michael Rosendale, Lea Snyder |
| Unix Systems | David Andrade, Paulo Baptista, Thomas DuVally, John Larsen, Robert Morse |
| Operations/Admin | Paul Kelleher, David Rollins |
| Admin Systems | Dave Clark, John Dick |
| Network Security | Robert Fletcher, Steve Hasson |
| Information Security Communications | Pat Falcon |
| Type of Incident | Incident Coordinators |
| Email-Bourne Malware | Robert Morse |
| Malware other than Email-Bourne | Peter Tirrell |
| Network Issues | Tim Wells |
| Power Issues | David Rollins |