STEAM-CIRT Incident Response Charter
Mission Statement
The Purdue University Security Team Incident Response Team STEAM-CIRT supports the secure operations of Purdue University's IT resources through the coordination of Incident Response for the Purdue University System, and by providing response and support in the mitigation and recovery of incidents at the West Lafayette campus.
Goals
The following are the goals that we must achieve to meet our mission:
- Coordination of Incident Response amongst all STEAM security contacts and regional campus CIRT equivalents.
- Timely recovery from incidents which significantly impact Purdue University IT Resources through rapid response and mitigation.
- Rapid distribution of Purdue University-relevant security advisories.
- Continuous monitoring for potential threats to Purdue University IT Resources.
- Research and development of technologies to facilitate rapid detection, response, mitigation, and recovery from threats to Purdue University IT Resources.
- Ongoing revision of STEAM-CIRT procedures and policies to keep relevant and effective in its incident response capabilities.
Constituency
The STEAM-CIRT serves all students, faculty, staff, and others while users of Purdue University IT Resources 1.
Authority Relationships
The STEAM-CIRT maintains the following authority relationships with its constituency:
- As the coordinator of Incident Response (CIR), full authority of Incident Response procedures and coordination as defined by the IT Incident Response policy.
- As defined by the Delegation of Administrative Authority and Responsibility for Information Assurance, Security, and Awareness (V.1.1), and the IT Acceptable Use Policy (V.4.1), shared authority over the operations of all IT resources which pose a threat to the security of, or that violate the policies of, Purdue University.
Place in Organization
The STEAM-CIRT resides in the IT Security and Privacy organization and obtains its authority through the Chief Information Security Officer, who in turn derives his/her authority from the Office of the Vice President for Information Technology (OVPIT). The OVPIT resides under both the office of the Executive Vice President and Treasure as well as the Office of the Provost. The Executive Vice President and Treasurer, and the Provost report to the President of Purdue University, who reports to the Board of Trustees of Purdue University. 2
Relationship to Others
The STEAM-CIRT maintains several roles which dictate its interaction with various parties. The following table defines these roles.
STEAM-CIRT Relationships
Party: Users of Purdue University IT Resources
STEAM-CIRT Role: The STEAM-CIRT provides widespread notification of IT security issues to the users of Purdue University IT Resources, and also enforces Purdue University Policies with respect to IT Resources.
Party: Purdue Security Contacts (PSCs) and other IT support staff
STEAM-CIRT Role: The STEAM-CIRT coordinates and directs incident response activities for all PSCs and IT support staff at the West Lafayette Campus. It also provides support services as defined elsewhere in the Incident Response Handbook.
Party: Regional Campus CIRTs
STEAM-CIRT Role: The STEAM-CIRT coordinates and advises incident response activities between regional campuses and the West Lafayette Campus.
Party: CIRTs not affiliated with Purdue University
STEAM-CIRT Role: The STEAM-CIRT maintains information sharing relationships with external CIRTs to facilitate its mission of securing Purdue University IT Resources.
Party: Law Enforcement
STEAM-CIRT Role: The STEAM-CIRT does not report criminal activity to law enforcement for issues in which it is not a first-hand witness. STEAM-CIRT does not provide law enforcement with information unless directed to by the Custodian of Records of Purdue University.
STEAM-CIRT Role: The STEAM-CIRT reports violations of Purdue policy in terms of IT resources to third parties on behalf of Purdue University. The STEAM-CIRT also acts as recipient of activity of IT Resources which violate Purdue policy.
1 As defined by the IT Incident Response Policy.