COMPUTING SECURITY AND NETWORKING
EMERGENCY PROCEDURES

5/01/08

I. MAINTAINING CONTACT INFORMATION

  1. CISL Operations can be contacted by calling x1200. Operators are on duty 24 hours a day, 7 days a week (24x7).
  2. Computer Security and the Network Engineering and Telecommunications Section (NETS) of CISL will provide CISL Operations with appropriate 24x7 contact procedures to follow when there is either a computer security or networking emergency.
  3. Division/program system administrators will provide CISL Operations with 24x7 contact information to use when there are emergencies involving a divisional system. In addition, divisions/programs may authorize Computer Security or NETS in advance to initiate disconnection of their hosts when the divisional staff cannot be contacted. Such authorization must be in writing and come from the division/program director. If the above information is not made available to CISL Operations, then the decisions regarding these systems will be made by the CISL Director. If the CISL Director is unavailable, then the NETS manager is automatically delegated the authority to act and will be contacted next.
  4. The CISL Front Office will provide Computer Security, NETS, and CISL Operations with appropriate procedures for contacting the CISL Director when it is necessary during a computer security or networking emergency.

II. SECURITY/NETWORKING EMERGENCY PROCEDURES

  1. Computer Security and NETS problems are to be reported to CISL Operations.
  2. If CISL Operations detects possible computer security or networking problems, they will contact the appropriate Computer Security or NETS staff.
  3. Computer Security or NETS staff will determine the seriousness of the problem. If immediate action is not called for, they will wait until the next work day. CISL Operations and the affected division will be notified of the status.
  4. Otherwise, Computer Security or NETS staff will attempt to fix the problem, if possible, or contact the divisional system administrators to get the problem fixed or the system shut down voluntarily. (Divisional contact information can be obtained from CISL Operations.) Computer Security or NETS will keep track of whom they attempted to contact, when, and by what methods.
  5. If divisional staff cannot correct the problem or shut down the system in a timely manner, but they are willing to authorize a disconnection, then Computer Security, NETS, or divisional staff will contact CISL Operations directly to initiate a disconnection.
  6. If divisional staff cannot be contacted or are unwilling to have their host disconnected, then Computer Security staff or NETS staff will contact the CISL Director and request authority to act without direct cooperation of the divisional staff. If the CISL Director is unavailable, then the NETS manager is automatically delegated the authority to act and will be contacted next.
  7. If the approval to act is obtained, either from divisional staff, from advance authorization from the Division Director, or from CISL management, then Computer Security or NETS staff will notify CISL Operations and inform them that approval to act has been obtained.
  8. If the problem is related to computer security, CISL Operations will contact NETS, inform them that a computer security emergency exists, and give NETS the immediate contact information for Computer Security. NETS will contact Computer Security. Computer Security will brief NETS on the situation and together they will take whatever actions are deemed necessary.
    If the problem is network related, then NETS will initiate the shutdown.
  9. Computer Security or NETS will inform CISL Operations whether or not action is taken and, if so, which host(s) are affected.
  10. Computer Security or NETS will inform their respective advisory committees, CSAC or NCAB, the affected division contact, and the CISL Director by phone or e-mail of any actions taken.