The purpose of this policy is to ensure that campus departments* can be contacted in the event of a computer or network security incident. The ability to quickly contact responsible departmental personnel and have them take appropriate action can mitigate the negative effects of an incident both locally in the department and more globally throughout the campus and the Internet.
Like many university campuses, UC Berkeley is experiencing an increase in unauthorized attempts to access its network and computer systems. Attempts to break into campus computers are a regular event.
Risks to our academic mission are very serious. The loss or corruption of information or access to information on research or instructional workstations and servers, student records, and financial systems could greatly hinder campus work. The campus has a responsibility to secure its computers and networks and to respond quickly to threats to the integrity of systems and data. A compromised computer in one department can easily be used as a springboard to launch attacks on computers in other departments or the Internet.
Because of these risks, central campus security personnel must take action when they become aware of a security incident specifically involving a UC Berkeley computer. In cases where the incident poses a potentially serious threat to campus information system resources or the Internet, the computer will be immediately blocked from network access.
When a problem computer is identified, whether or not it is blocked from network access, central campus security personnel must be able to quickly contact someone in the appropriate campus department who can take action and/or pass the information on to the appropriate departmental support personnel. Quickly reaching a departmental contact is also important so that any affected user(s) may be informed of the situation. In addition, central campus security personnel will inform this contact person of possible irregularities such as computers with configuration problems that could negatively impact the network or that appear to be infected with a virus.
Information Security and Policy (ISP) refers to a database of IP addresses and associated contact information when it needs to notify security contacts of any security issues regarding a computer under their responsibility. To implement this procedure, each department needs to appoint and enter a security contact and one or more backup contacts into this database. (See Updating a Department's Security Contact Email Address.) Groups of departments may agree to share contacts for efficiency.
All security contacts for a given department should be reachable through a single email address (e.g., email@example.com). There should be a single departmental encryption key for exchanging secure messages with central campus security personnel.
Security contacts must respond to security incident reports from central campus security staff and pass them on to responsible departmental or third-party support personnel as appropriate. Contacts need to have some familiarity with the computers in their department and be able to determine who a responsible technical person is; it is not necessary for the contact to have extensive security expertise.
Security contacts are responsible for ensuring that appropriate personnel take action in response to each security incident (including escalating the incident to an appropriate departmental authority if action is not taken) and that resolution of each incident is reported to firstname.lastname@example.org.
Approved by the Vice Chancellor's Administrative Council (VCAC), April 19, 2001.
* The word "department", as used within this Policy, includes various types of organizational entities on the Berkeley Campus, for example: an academic department, administrative department, or organized research unit. Although larger organizational units, such as schools or colleges, may choose to consolidate their security contact function under a single address, an essential requirement is that the designated contact be able to identify responsible administrators for every networked computer within their department(s).
Setting up a Security Mailing List
You may create a mailing list using bConnected Lists (Google Groups).
You can create, maintain, or delete lists via the web:
Updating a Department's Security Contact Email Address
ISP now has available a new web-based application that allows security contacts to view, update, and maintain their own list of IP addresses and contact information.
To request access to this application for an existing security contact profile, or to create a new profile, designate one person as the "owner" of the security contact profile and send an email to email@example.com with the following details:
- Department or Organization
- The five-letter Org Node code associated with the department or organization (see: http://bai-staging.chance.berkeley.edu/TreeRPT/UCBDTREE.HTM)
- Profile owner's name
- Profile owner's email
- Security contact email (preferably an email list address)
If you are already part of a security contact email list composed of multiple groups and would like to separately maintain your own group's profile, indicate the larger email list that you are requesting to partition.
Once access to the application is granted, profile owners can grant their team members access rights to maintain the profile.