Incident response
The Rutgers University Computing Incident Response Team (RU CIRT) serves the Rutgers computing community by responding to reported computer abuse incidents. The contact email address is abuse@rutgers.edu.
Compromise of Confidential or Sensitive Data
In the event of a compromise of confidential or sensitive data, contact University Ethics and Compliance.
Some example scenarios:
- A laptop containing sensitive information is stolen (physical intrusion or theft).
- Sensitive information is inadvertently posted on a web site without access restrictions (configuration error).
- Access restrictions are inadvertently changed or removed, exposing the data (configuration error).
- A system compromise raises questions as to the continuing confidentiality of the data (intrusion).
- Key logging software or other spyware is found on a host (malware).
Please refer to the Data Breach Management policy (and related documents).
What happens when a computing incident is reported?
Sources of incident reports
- Email to abuse@rutgers.edu
- Results of network log analysis
- Telephone reports
- In person reports
Actionable incidents
The Rutgers University CIRT handles incidents in which Rutgers hosts or users cause computer or network problems. This typically includes:
- Violations of the University Code of Student Conduct
- Violations of the Acceptable Use Policy for Computing and Information Technology Resources.
- Violations of federal, state or local law.
- Reports from departmental staff of attacks on their computers and subnets.
Issue escalation and overdue tickets
- The Incidents queue is normal priority. After 5 business days (generally 1 calendar week), the contact is notified that the ticket is overdue. After 5 more business days, a request is sent to the Network Operations Center to block the host. A ticket can also be escalated if more than 5 reports are received for the same host.
- Shorter time spans apply to incidents considered critical: after 2 business days, the incident is overdue. The RU CIRT makes every effort to notify departments of critical incidents by telephone.
Record retention
- Two years for email to the Rutgers University Computing Incident Response Team (RU CIRT).
- Two years for hardcopy files related to computer incidents.
How do I respond to a computer abuse incident?
Rutgers University employs a distributed security model. The RU CIRT reviews incident reports and dispatches them to the appropriate departmental computing staff for resolution. In other words, notification and data collection are centralized while execution and resolution are decentralized.
A response from the department is expected within 3 days. Devices that impact the operation of RUNet are subject to blocking and/or removal from RUNet.
A response by departmental computing staff to abuse@rutgers.edu indicating that the issue has been resolved is appreciated. Please reply as to:
- whether Restricted or Internal information was stored on the device; if so, please briefly describe the data (see the Rutgers University policy on Information Classification [PDF])
- what you found upon investigating the problem
- what steps were taken to fix the problem
- whether the report was valid or a false positive
Note: Please do not send sensitive information in email.
Please retain the subject line so that we can more easily track responses to issues.