Dear new member,
Welcome to the IT security community. As a departmental security contact, you play an important role as the liaison between your department(s) and K-State's Security Incident Response Team (SIRT) on matters related to information technology (IT) security.
While you will not be responsible for implementing new security measures, you are the primary communicator and facilitator of these decisions. Thus, your major responsibilities are facilitating the following:
a. Communication and user awareness of IT security matters that affect the people and technology in your department
b. Implementation of preventative measures in your department
c. Response to security incidents involving people or technology in your department
These responsibilities, as well as responsibilities of others involved in IT security, are listed in a PowerPoint presentation.
Another important service you provide is assisting with the response to a compromised computer in your department. When a compromised computer is identified, network access is blocked immediately to prevent the malware from spreading to other computers. A notification of the blocked computer is sent to the SIRT-CONTACTS mailing list. It is YOUR responsibility to determine if the compromised computer is in your department and that appropriate action is taken to repair the computer. Again, you will not perform the actual repair; you will make sure the appropriate people are notified and have taken action. Once the computer is repaired, you will contact your SIRT representative who then requests removal of the network block. This is explained in the K-State Procedure for Removing Compromised Computers From the Network.
Departmental security contacts and corresponding SIRT representatives are listed online in the comprehensive security contacts list. I have a submitted a request to update the site with your information.
Other channels of communication you should familiarize yourself with:
a. The SIRT-CONTACTS mailing list, to which you have already been added (you should have received the default "welcome" message from LISTSERV). This mailing list is used to notify people of blocked computers, as well as security announcements of general interest to the campus. Please pass the information along to your department(s) as appropriate.
b. IT Tuesday newsletter. This is a weekly electronic newsletter that features a security "Tip of the Week" and other articles about what's happening in IT around campus.
c. The IT Security website has a wealth of information specific to K-State and of more general interest.
d. Your SIRT representative. You need to get to know this person! He/She can provide you with expert advice and answer questions about current threats, K-State security policies and procedures, and preventative measures. This person also makes the request for the removal of a network block once a compromised computer has been repaired.
e. Monthly IT Security roundtable discussions sponsored by SIRT. These are informal sessions open to anyone and cover current IT security topics. See the IT Security Roundtable schedule.
SIRT also sponsors an annual all-day training event for departmental security contacts, usually near the start of the fall semester, and other specialized events during the year. These are announced in IT Tuesday and the SIRT-CONTACTS mailing list.
If you have any questions, do not hesitate to ask. Thank you for your commitment to protecting K-State's information and technology resources.
University IT Security Officer
Kansas State University
E-mail: , Voice: 785-532-2985