The complexity of computer and network infrastructures and the challenge of administration make it difficult to properly manage network security. Network and system administrators do not have sufficient people and security practices in place to defend against attacks and minimize damage. As a result there are a rising number of computer security incidents.

When computer security incidents occur, organizations must respond quickly and effectively. The faster an organization recognizes, analyzes, and responds to an incident, the better it can limit damage and lessen recovery costs. Establishing a Computer Security Incident Response Team (CSIRT) is a great way to provide this rapid response capability as well as help prevent future incidents.

Computer security incident response has become an important component of information technology programs. Security-related threats have become not only more numerous but also potentially more damaging and disruptive. New types of security-related incidents emerge frequently. Preventative activities based on the results of risk assessments can lower the number of incidents, but not all incidents can be prevented. An incident response capability is therefore necessary for rapidly detecting incidents, minimizing loss and destruction, mitigating the weaknesses that were exploited, and restoring computing services.

Information Technology Services is working with the University community to implement reasonable IT policies and procedures to secure computing and information services and to adequately protect the data security, confidentiality, and accessibility of our networked information without significantly compromising intellectual freedom.

View the CSIRT Charge.

Get Adobe Acrobat