An IT Security SWAT Team chaired by Dr. Roger Terry during the
2002-2003 was charged with proposing a "cooperative approach to
securing the university's information technology (IT) components." One
recommendation made by the SWAT team in their March 2003 report was to
establish a Security Incident Response Team (SIRT) to "provide
services and support dedicated to preventing and responding to
information/network security incidents."
At the same time, IT security incidents at K-State and around the
nation and the world were on the increase, including well-publicized
compromises of servers at two U.S. universities that resulted in the
theft of private student data that included social security numbers.
When combined with the increasing threat of cyberterrorism and an
increasing number of system compromises, vulnerability probes,
e-mail-borne malware, and denial of service attacks involving K-State
computer systems, it was clear that immediate action was necessary to
protect K-State's information and technology resources.
In that light, Dr. Beth Unger, the Vice Provost for Academic
Services and Technology (VPAST) at K-State, established an interim
SIRT in May 2003 to respond to security incidents over the summer and
further develop the roles and responsibilities of a permanent SIRT,
which was appointed in fall 2003 after review by the Dean's Council.
Members of the SIRT represented each college and major administrative
unit as appointed by the Deans, Provost Coffman, Vice President
Rawson, and Vice President Krause.
The SIRT has three primary areas of responsibility:
- Reactive - respond to incidents in a coordinated fashion by
working with NSSG to develop the action plan and serving as the
primary communication channel and technical lead for the
college/units they represent.
- Proactive - coordinate implementation of preventative measures in
the college/units they represent. This includes communicating about
threats, new vulnerabilities, and best practices, along with
assisting IT support staff in implementing preventative measures.
- Advisory - as a regular part of NSSG, SIRT will participate in
all aspects of NSSG's responsibilities, serving as the conduit of
information and advice between central IT support and the colleges,
departments, and units represented by SIRT.
The SIRT has the following specific responsibilities in the
colleges, departments, and units they represent as originally outlined
in the IT Security SWAT report:
- Rapid response and recovery to active security incidents, working
with NSSG to develop the response plan and assuring response and/or
recovery efforts are coordinated across campus
- Investigate the nature of a vulnerability and the extent of an
- Preserve evidence for possible legal follow-up
- Provide early alerts to new vulnerabilities and related attacks
- Provide incident detection
- Implement and/or coordinate implementation of proactive,
preventative security measures
- Provide security-awareness and best practice training and
mentoring to systems administrators and users in their college/units
- Share successful strategies and efforts with others
- Provide security advice and services
- Advise system developers and IT infrastructure architects on
secure design of applications, systems, and networks
- Assist NSSG with a confidential annual report to the Vice Provost for IT Services on IT
security activities for the previous year
- Host an annual security workshop for the campus with NSSG and iTAC