What happens when a computing incident is reported?
SOURCES OF INCIDENT REPORTS
- Email to abuse@rutgers.edu
- Results of network log analysis
- Results of network vulnerability scans
- Telephone reports
- In-person reports
ACTIONABLE INCIDENTS
- The Rutgers University CIRT handles incidents in which Rutgers hosts (or users) cause computer or network problems. This typically includes:
- Violations of the University Code of Student Conduct
- Violations of the Acceptable Use Policy for Computing and Information Technology Resources.
- Violations of federal, state or local law.
- Reports from departmental staff of attacks on their computers and subnets.
ISSUE ESCALATION AND OVERDUE TICKETS
- The Incidents queue is normal priority. After 5 business days (generally 1 calendar week), the contact is notified that the ticket is overdue. After 5 more business days, a request is sent to the Network Operations Center to block the host. A ticket can also be escalated if more than 5 reports are received for the same host.
- Shorter time spans apply to incidents considered critical. After 2 business days, the incident is overdue. IPS makes every effort to notify departments by telephone of critical incidents.
RECORD RETENTION
- Two years for email to the Rutgers University Computing Incident Response Team (RU CIRT).
- Two years for hardcopy files related to computer incidents.