|
|
|
|
Security InformationSecurity AwarenessSecurity Resources© 2009 The Regents of the University of California.
|
|
| Guidelines and Procedures for Blocking Network Access Home The following was approved at the March 12, 2002 meeting of the Provost's Advisory Council. Purpose Central campus network and security personnel must take immediate action to mitigate any threats that have the potential to pose a serious risk to campus information system resources or the Internet. If the threat is deemed serious enough, the computer(s) posing the threat will be blocked or disconnected from network access. These guidelines specify how the decision to block is made and the procedures involved. Guidelines Central campus network and security personnel have the authority to evaluate the seriousness and immediacy of any threat to campus information system resources or the Internet and to take action to mitigate that threat. Action that is taken will be responsible and prudent based on the risk associated with that threat and the potential negative impact to the campus mission caused by making the offending computer(s) inaccessible. Examples of threats that are serious enough to invoke these procedures are:
Other regulations or campus policies for which separate procedures exist may also result in blocking network access. These include:
Procedures The intent of central campus network and security personnel who operate under these guidelines is to work cooperatively with departmental security contacts in blocking network access. The practice is to notify departmental security contacts prior to blocking in order that they may address the problem in a timely and appropriate manner. However, there may be times when this is not possible or practical. If the threat is immediate, or the impact is severe, as evaluated by the central campus network and security personnel, the offending computer(s) will be blocked immediately and notification will be sent to the departmental security contact(s) via phone and email regarding the threat. Approval of the blocking by the Director of Core Technologies or departmental security contact must be obtained within 3 days, or the blocking will be removed. If the threat is not immediate, or the impact is acceptable, notification of the threat will be sent to the departmental security contact(s) via phone and email. If a response is not received within 2 days indicating that the department is taking action to mitigate the threat, the offending computer(s) will then be blocked. In either case, if a block has been put in place it will be removed when both the department and central campus security personnel agree that the problem causing the incident has been sufficiently addressed. Recourse If a department feels that a computer has been inappropriately blocked it may request a review of the decision by the Director of Core Technologies. If there is still a disagreement with the decision, it may be further reviewed by the Vice Chancellor, Business and Administrative Services, and if necessary, by the Executive Vice Chancellor and Provost. References
|
