Policy on Responsibility for Securing Computing Resources
Responsibility for securing computing resources is defined in Boston University’s Information Security Management Guidelines. This policy states that it is the responsibility of the local Systems Administrator and Departmental Security Administrator (DSA) to enforce computer security policy for the department and maintain the security of the department’s computer resources. This ideal is further reinforced in the Information Security Policy in the Responsibilities section.
To assist departments and researchers in maintaining information security, the IS&T Incident Response Team provides 24×7 support of intrusion detection hardware and software for the Charles River Campus and, increasingly, the Medical Campus. The Incident Response Team investigates all alerts generated by the intrusion detection system. If a compromised system is found, the party responsible for the system is notified. When necessary, access to the campus network from the affected system may also be suspended to prevent the compromise from threatening other systems and services. Digital Forensic Services are provided free of charge for University owned systems.
In addition, IS&T publishes a number of best practice documents on the IS&T website. Topics range from general installation guides for various operating systems to specific information such as How to Secure Your Apache Web Server. IS&T also sends security advisories on IS&T-supported software products on an as-needed basis and maintains an archive of these advisories.