Vulnerability alerts procedure
The purpose of this procedure is to use K-State's SIRT security contacts as a reliable communications channel for the campus at large. As a general guideline, initial decisions to take a certain course of action will come from SIRT, and be carried out through security contacts.
Vulnerability (virus/worm attacks) alerts will be created and communicated in the following order:
- The alert will be created by the K-State IT Security Officer and edited by SIRT members via SIRT-L. The cutoff time for sending changes will be 2 p.m. the same day. The final version of the message will be approved by the K-State IT Security Officer (or other designated SIRT member in the IT Security officer's absence).
- The final approved message will be sent to the SIRT security contact listserv, to be forwarded to their respective departments and/or offices before 5 p.m. the same day. In critical instances an e-note will be sent campuswide to all students, staff, and faculty.
- A standard alert graphic will be created by the K-State Webteam and posted on the appropriate webpages including the IT security website.
Standard format for university-wide vulnerability alerts
The purpose of the standardized e-mail is to keep the message as simple and easy to read as possible for all campus users. It is intended for users to become familiar with these advisories from SIRT security contacts and learn to take proper precautions with their computers when an outbreak does occur. Users can access more technical, detailed descriptions at the references cited at the end of the message.
To: All K-State students, faculty, and staff
Subject: Security Alert: Virus/worm attack
From: IT Help Desk, firstname.lastname@example.org
The purpose of this Security ALERT is to make the university community aware of a recent computer virus/worm that has the potential to destroy computer files, disable computer functions, or otherwise disrupt normal business operations at Kansas State University.
How it is spread:______________________
Example: (insert example)
Instances reported at K-State (if known): ____
What you should do: (keep instructions to 2-4 sentences)______________________________
If you have questions or need advice, contact your department's technical support staff. See the SIRT Representatives and Alternates page for a complete list.
If you need additional assistance, contact the IT Help Desk, 785-532-7722, email@example.com.