CERT service has the task of managing IT security incidents involving users and hosts connected to the University network. In particular, CERT service :
If the necessary preconditions take place, the CERT operator opens a security incident linked to the alert in the ticketing system; after a first analysis of the problem, the CERT can start a task investigation involving in the solution process one or more correspondent authorities (which may be people or offices in some way involved, i.e. the manager of a server, an account owner, User Support service, Account service). This activity sends from email@example.com an email marked with the identifier [CERT @ UNITN #ticketnumber] to which the recipients must refer for further communications with CERT. By responding to this email, the correspondents report to CERT the outcome of actions they have taken. Once all the investigation tasks are completed, the CERT closes the incident and communicates the closure to the involved actors.
On demand and periodically, CERT can also analyze the vulnerabilities of a host by scanning tools that provide the applicant with detailed reports on any encountered security problems. CERT is available to the applicant to evaluate the criticality of the vulnerabilities and to share the most appropriate actions with the technician, and / or with the manager of the host.
Availability during business hours
Some particular incidents require a special level of secrecy and iare therefore managed with the appropriate precautions.
To report a computer security problem, write an email to firstname.lastname@example.org or fill in the helpdesk form (Need help?). The report will be processed and tracked in a centralized ticketing and helpdesk system. The user will receive a message of take charge with the identifier [ALERT @ CERT #ticketnumber] to which he can refer for further communications with CERT.