Policies
Policies
The Information Security Incident Response Team (ISIRT) is critical to protecting Brown University's IT systems and infrastructure, providing emergency response to significant information security incidents at Brown. A security incident impacting infrastructure directly supported by Brown IT staff will invoke the ISIRT based on an incident’s level of severity and the systems affected. Response to a risk to Brown University data under the control of a third-party vendor will be coordinated by the Chief Information Security Officer and the CIO of the Office of Information Technology (OIT), who determine the appropriate communication required.
The ISIRT responds to and manages Brown University’s information security incidents. These are generally defined as malicious activity that threatens the University's computing infrastructure, and are characterized by an unauthorized entity gaining access to Brown computing or network services, equipment or data.
Categories of incident types, which are constantly evolving, include but are not limited to the following:
In addition to identifying threats to Brown’s computing environment, the ISIRT is responsible for:
The procedures used by ISIRT members and other IT technical support staff (system administrators, departmental computing coordinators, et.al.) with regard to security incidents are under the authority and control of the Director of Information Technology Security in OIT.
The ISIRT is overseen by the Chief Information Security Officer, who has the authority to develop guidelines and requirements to meet the security needs of users and to safeguard the University's systems from threats. The ISIRT is composed of key personnel in OIT representing the following areas: network technology, information security. infrastructure operations, database services, systems, endpoint engineering, and the IT service center.
In addition, depending on the incident and level of severity, the following offices may be called upon to support the work of the ISIRT: Office of University Communications, Office of Internal Audit Services, Government Relations & Community Affairs, Office of the General Counsel, University Human Resources, Office of the Provost, and the Department of Public Safety. Subject matter experts and others will be added as necessary.
While the details of each incident response may vary, the process generally includes the following phases:
Questions or comments to: ITPolicy@brown.edu
Last Reviewed: March, 2022