Departmental Security Contact Policy

Purpose

The purpose of this policy is to ensure that campus departments* can be contacted in the event of a security incident. The ability to quickly contact responsible departmental personnel and have them take appropriate action can mitigate the negative effects of an incident.

Background

Like many university campuses, UC Berkeley diligently battles unauthorized attempts to access network and computer systems. Any loss or corruption of information could greatly impact our campus. We all have a responsibility to secure our computers and networks and to respond quickly to threats on our systems and data. A compromised computer can easily be used to launch attacks on computers in other departments or the Internet.

The Information Security Office will take immediate action when we become aware of a security incident. In cases where the incident poses a potentially serious threat to campus information systems or the Internet, the computer will be immediately blocked from network access.

When a problem computer is identified, we will contact the security contact on file, who can take action and/or pass the information on to the appropriate support personnel.

Requirements

The Information Security Office refers to a database of IP addresses and associated contact information when it needs to notify security contacts of any security issues regarding a computer under their responsibility. To implement this procedure, each department needs to appoint and enter a security contact and one or more backup contacts into this database. (See Updating a Department's Security Contact Email Address.) Groups of departments may agree to share contacts for efficiency.

All security contacts for a given department should be reachable through a single email address (e.g., security@me.berkeley.edu). There should be a single departmental encryption key for exchanging secure messages with central campus security personnel.

Security contacts must respond to security incident reports from central campus security staff and pass them on to responsible departmental or third-party support personnel as appropriate. Contacts need to have some familiarity with the computers in their department and be able to determine who a responsible technical person is; it is not necessary for the contact to have extensive security expertise.

Security contacts are responsible for ensuring that the appropriate personnel take action in response to each security incident (including escalating the incident to an appropriate departmental authority if action is not taken) and that the resolution of each incident is reported to security@berkeley.edu.

Approved by the Vice Chancellor's Administrative Council (VCAC), April 19, 2001.

* The word "department", as used within this Policy, includes various types of organizational entities on the Berkeley Campus, for example: an academic department, administrative department, or organized research unit. Although larger organizational units, such as schools or colleges, may choose to consolidate their security contact function under a single address, an essential requirement is that the designated contact be able to identify responsible administrators for every networked computer within their department(s).

Setting up a Security Mailing List

All security contacts for a given department should be reachable through a single email address (e.g., security@deptserver.berkeley.edu or deptname-security@lists.berkeley.edu).

You may create a mailing list using bConnected Lists (Google Groups). 

You can create, maintain, or delete lists via the web:

Updating a Department's Security Contact Email Address

The NetReg Application allows security contacts to view, update, and maintain their own list of IP addresses and contact information.

See our documentation page and how to get started here.