What happens when a computing incident is reported?
SOURCES OF INCIDENT REPORTS
- Email to email@example.com
- Results of network log analysis
- Results of network vulnerability scans
- Telephone reports
- In person reports
- The Rutgers University CIRT handles incidents in which a Rutgers host (or users) cause computer or network problems. This typically includes:
- Violations of the University Code of Student Conduct
- Violations of the Acceptable Use Policy for Computing and Information Technology Resources.
- Violations of federal, state or local law.
- Reports from departmental staff of attacks on their computers and subnets.
ISSUE ESCALATION AND OVERDUE TICKETS
- The Incidents queue is normal priority. After 5 business days (generally 1 calendar week), the contact is notified that the ticket is overdue, After 5 more business days, a request is sent to the Network Operations Center to block the host. A ticket can also be escalated if more than 5 reports are received for the same host.
- Shorter time spans apply to incidents considered critical After 2 business days, the incident is overdue. IPS makes every effort to notice departments by telephone of critical incidents.
- Two years for email to the Rutgers University Computing Incident Response Team (RU CIRT).
- Two years for hardcopy files related to computer incidents.