About SIRT

SIRT establishment

An IT Security SWAT Team chaired by Dr. Roger Terry during the 2002-2003 was charged with proposing a "cooperative approach to securing the university's information technology (IT) components." One recommendation made by the SWAT team in their March 2003 report was to establish a Security Incident Response Team (SIRT) to "provide services and support dedicated to preventing and responding to information/network security incidents."

At the same time, IT security incidents at K-State and around the nation and the world were on the increase, including well-publicized compromises of servers at two U.S. universities that resulted in the theft of private student data that included social security numbers. When combined with the increasing threat of cyberterrorism, an increasing number of system compromises, vulnerability probes, e-mail-borne malware, and denial of service attacks involving K-State computer systems, K-State found that action was necessary to protect its information and technology resources.

In that light, Dr. Beth Unger, the Vice Provost for Academic Services and Technology (VPAST) at K-State, established an interim SIRT in May 2003 to respond to security incidents over the summer and further develop the roles and responsibilities of a permanent SIRT, which was appointed in fall 2003 after review by the Dean's Council. Members of the SIRT represented each college and major administrative unit as appointed by the Deans, Provost Coffman, Vice President Rawson, and Vice President Krause.

SIRT responsibilities

The SIRT has three primary areas of responsibility:

• Reactive - respond to incidents in a coordinated fashion by working with NSSG to develop the action plan and serving as the primary communication channel and technical lead for the college/units they represent.
• Proactive - coordinate implementation of preventative measures in the college/units they represent. This includes communicating about threats, new vulnerabilities, and best practices, along with assisting IT support staff in implementing preventative measures.
• Advisory - as a regular part of NSSG, SIRT will participate in all aspects of NSSG's responsibilities, serving as the conduit of information and advice between central IT support and the colleges, departments, and units represented by SIRT.

The SIRT has the following specific responsibilities in the colleges, departments, and units they represent as originally outlined in the IT Security SWAT report:

• Rapid response and recovery to active security incidents, working with NSSG to develop the response plan and assuring response and/or recovery efforts are coordinated across campus
• Investigate the nature of a vulnerability and the extent of an attack
• Preserve evidence for possible legal follow-up
• Provide early alerts to new vulnerabilities and related attacks
• Provide incident detection
• Implement and/or coordinate implementation of proactive, preventative security measures
• Provide security-awareness and best practice training and mentoring to systems administrators and users in their college/units
• Share successful strategies and efforts with others
• Provide security advice and services
• Advise system developers and IT infrastructure architects on secure design of applications, systems, and networks
• Assist NSSG with a confidential annual report to the Vice Provost for IT Services on IT security activities for the previous year
• Host an annual security workshop for the campus with NSSG and iTAC