skip to content

IT Help and Support

University Information Services
 

CSIRT is a specialist IT security team. It co-ordinates the response to IT security incidents and threats with University IT staff.

 

What does CSIRT do?

CSIRT (Computer Security Incident Response Team) is a team of IT security staff that co-ordinates the response to IT security incidents, providing a second-line IT support team to college and departmental IT staff. CSIRT is able to draw upon the expertise of other UIS teams such as Server Infrastructure, Networks and the Service Desk. It liaises with recognised IT contacts in every University institution.

CSIRT is not an IT Service Desk and it does not provide direct support to general staff or students. General staff or students contacting CSIRT will be referred to their local departmental/college IT staff, or the UIS Service Desk if appropriate.

CSIRT activities include:

  • Co-ordinating the response to IT security incidents, where required, at the University of Cambridge.
  • Monitoring IT security infrastucture to detect computer security incidents or problems.
  • Providing technical IT security advice and assistance.
  • Advising on, applying or, where necessary, enforcing University policy in IT security.
  • Providing IT security alerts.
  • Promoting IT security best practices.
  • Co-ordinating with JANET-CSIRT, CISP and other external organisations.

It operates during normal UIS working hours, 09:00 to 17:00, Monday to Friday (excluding Public Holidays).

 

How to contact CSIRT

IT security incidents occur every day at the University. CSIRT is always interested in receiving information, reports or providing assistance.

  • If you are a Computer Officer (or similar) and have identified a potential security incident, please contact CSIRT.
  • If you are a general member of staff or a student, please contact your designated IT Service Desk first.

Email:

 

University Cyber-Security Incident process

CSIRT uses the University cyber-security incident process

 

Emergency actions

Where a major IT security incident threatens IT infrastructure, IT services or data across the collegiate University, CSIRT can take emergency actions to protect the majority of the University community and minimise the risk or impact of the threat – for example, a malware outbreak, DDoS attack or critically vulnerable system.

This can include the temporary blocking or disconnection of IT services, infrastructure or institutional networks, such that a threat is contained within a local institution.
 

Areas not covered by CSIRT

CSIRT is there to assist IT staff with computer security incidents. It does not provide assistance with other types of of incident, such as:

  • General IT incidents or problems.
  • Physical security threats, such as bomb alerts, theft or suspicious activity.
  • Human resource incidents, such as (cyber) bullying or disputes.
  • Financial fraud.
  • Criminal activities.
  • Prevent strategy.
  • IT service interruptions or downtime.
  • GDPR breaches.

The University has dedicated departments or teams that are responsible for these types of incident. They should be contacted if assistance is required.