The STEAM-CIRT offers the following core services to its constituents at the West Lafayette Campus. For more information on these services, please contact us via one of the methods listed on the STEAM-CIRT Contact page.
Incident Response Services
The STEAM-CIRT provides IT Incident Response coordination and support. The following lists the specific services of IT Incident Response provided by the STEAM-CIRT.
- Incident Triage
The STEAM-CIRT acts as the "triage" center for all event reports it receives. These event reports, correspondence, supporting data, and information requests are prioritized for handling.
Any event which could be considered an IT Incident, as defined by the IT Incident Response Policy, should be reported to the STEAM-CIRT.
Please note that for each IT Incident processed, the STEAM-CIRT will assign it a unique tracking number. This tracking number should be referenced in all correspondence regarding the IT Incident.
- Incident Notification
The STEAM-CIRT provides IT Incident notification and coordination as one of its most important core services. The STEAM-CIRT maintains a master contact list of Purdue Security Contacts (PSCs) that represent each IT department. When an IT Incident occurs, the STEAM-CIRT notifies and works with the appropriate PSCs to remediate the IT Incident.
- Incident Analysis
To aid in the response to IT Incidents, the STEAM-CIRT provides IT Incident analysis support to PSCs responding to an IT Incident in addition to its initial analysis performed at Incident Triage.
The depth at which the STEAM-CIRT analyzes IT Incidents will vary for each one and is dependent on many factors including scope, severity, chance of repeat occurrence, and identification of new activity. In most cases, once the scope, severity, and remediation strategy has been determined, no further analysis will be performed unless new data becomes available.
- Incident Response Support
The STEAM-CIRT provides support to PSCs and IT support staff who are directly involved with an IT Incident. This support is provided via telephone, email, or documentation, and includes interpretation of evidence, and response and remediation techniques.
Limited response support is provided to users of Purdue University resources who may be affected by an IT Incident. This support is provided exclusively through email and is limited to the recommended recovery procedures. Users who require more in-depth support should contact their department's IT staff (for Purdue-owned equipment), or local computer repair shops/consultants for personal equipment.
- Incident Post-Mortems
An IT Incident post-mortem analysis reviews the efficacy of response to an IT Incident and seeks to find prevention methodologies to prevent future occurrences, as well as whether or how to improve IT Incident Response procedures.
The STEAM-CIRT manages post-mortems for all IT Incidents that significantly impact Purdue University's IT Resources, or as requested by management or PSCs. Requested-post mortems are performed on a first-come, first-served basis and are dependent upon available resources.
- Malware Analysis
Complementary to its Incident Analysis services, the STEAM-CIRT provides malware analysis to its constituents to determine the threats posed by the malware in question. Users of Purdue University IT Resources may contact firstname.lastname@example.org for details on this service.