Information Security Management

Incident Response

Incident response comprises a collection of policies and procedures for the effective handling of security events. This page provides information on the development of CSU-SIRT (Security Incident Response Team) and its ongoing activities, as well as a set of effective practices to employ when responding to breaches in network and/or computer security.

Carnegie Mellon® University’s Software Engineering Institute℠ is proposing to initiate a cooperative research and development relationship with the CSU Office of the Chancellor to improve the handling of network and system security incidents at each of the 23 campuses in the CSU system.

Members of the SEI’s CERT® Centers (specifically the Computer Security Incident Response Team¹ (CSIRT) Development Team) will collaborate with the CSU Office of the Chancellor to develop and execute a CSIRT capability across the CSU campus system.

Phase I

The CSIRT Development Team will work with the CSU Office of the Chancellor and the CSU campuses to define a baseline CSU CSIRT framework for incident handling. Related activities will include:

  • delivery of on-site courses for managers, focusing on creating, managing, and operating a CSIRT;
  • development of strategies to plan and implement CSU CSIRTs;
  • adoption of CSIRT policies, standard operating procedures and CSIRT best practices;
  • review of CSU-developed plans, strategies, and action plans created to date; and,
  • collaboration on the development of documents, templates, and checklists to assist in the incident handling process that can be used across the CSU system.

Phase II (If required)

The CSIRT Development Team will work with the CSU Office of the Chancellor and the CSU campuses to develop advanced CSIRT capabilities as needed at the Office of the Chancellor and/or the campuses. Related activities will be optional and would include but not be limited to:

  • delivery of on-site courses for technical staff focused on responding to and analyzing computer security incidents, and improving network security;
  • training of CSU instructors to deliver the suite of courses internally to other CSU ITS identified staff;
  • development of a skill set for selected CSU staff consistent with the CERT®-Certified Computer Security Incident Handler certification program.

Benefit to CSU Office of the Chancellor

By collaborating with the SEI, the CSU Office of the Chancellor will be positioned to provide an efficient, cost-effective approach for each of the 23 CSU campuses to implement a consistent method for handling computer security incidents, training of incident handlers and others involved in the incident handling process, and improving the overall information security posture of the CSU system.

CSU has the opportunity to be the national leader in the development of a CSIRT model customized for the university environment and to participate in setting a standard that can be transitioned to other universities and colleges in the U.S.

Benefits to CSU Campuses

A recently completed survey of campuses revealed that the top three campus needs related to information security were assistance with training, the development of security policy, and the identification of related “best practices.”² This program will help address all three of these needs: the desired outcome of this relationship is a state in which each CSU campus will have:

  • instituted a formalized CSIRT;
  • created a framework for addressing related policy issues;
  • embraced and followed best practice approaches for handling and managing computer security incidents;
  • improved the campus network, systems and computer security;
  • trained appropriate technical and management staff to support development, implementation, and sustainment of the CSIRT operations; and,
  • supported a consistent view of incident activity that can be captured by the CSU Office of the Chancellor that facilitates information sharing among campuses.

About SEI

The SEI was designated a federally funded research and development center (FFRDC) in 1984 with a broad charter to provide leadership in advancing the state of software engineering practice. The overall goal of the SEI is to improve the quality of systems that depend on software. To effect these improvements, the SEI uses a structured approach to introduce new technologies and to mature their use within organizations until they are accepted as standard practice. Since the inception of the CERT Centers in 1989, their mission has been to serve as a focal point to help resolve computer security incidents and vulnerabilities, to help others establish incident response capabilities, and to raise the overall awareness of computer security issues.


® Carnegie Mellon, CERT, and CERT Coordination Center are registered in the U.S. Patent and Trademark Office by Carnegie Mellon University.
℠ Software Engineering Institute is a service mark of Carnegie Mellon University.
¹ A CSIRT is an organization or team that provides services and support, to a defined constituency, for preventing, handling, and responding to computer security incidents.
² TII Network Security Survey, January, 2004. CSU & LGI, Inc.

  Content Contact:
Infosec@calstate.edu

Last Updated: July 8, 2005