23. IT Security - Notifying OxCERT

Starting on 4th May OxCERT will be making a number of changes to processes for dealing with incidents to provide a more consistent service to IT Staff, and to meet a number of the recommendations of the University Auditors. Many of these changes have been prompted by the large increase in numbers of information-stealing malware samples we are seeing and the need to streamline our processes to deal with this.

The changes that you may see are as follows:

  • Automated notifications when blocks are removed
  • Automatic reminders to supply affected username(s) in keylogger incidents
  • Notifications to all relevant ITSS of users affected by keylogger incidents (even when the incident occurred in another unit)
  • No changes to our block notification mails, these are not automated
  • If you run a service using an authentication method other than SSO for users outside your own unit, you may wish to make contact to enable us to send you appropriate notifications if users of the service are affected by a keylogger

You can find more details about the motivations for these changes and some of the behind the scenes changes we’re making in our monthly reports.

Up: Contents Previous: 22. IT Regulations Changes Next: 24. Crowdsourcing with RunCoCo