Understanding Security Threats and Incident Management

Overview

Pitt IT Security offers University departments access to leading practices and expert guidance for ensuring network security and managing incidents. Contact us any time to discuss our offered services for proactively mitigating risks or in any instance where you think an incident has occurred.

Threat and Incident Services

1. Access Management
2. Incident Management
3. Investigations and Forensics
4. Threat Detection and Response
5. Vulnerability Management
6. Security Operations

Detail

1. Access Management

Control access to your data and networks.

1. Network Access — Explore Enterprise Network Security Controls available to University departments. Learn how to incorporate Firewall, Proxy, VLAN, and VPN technology into your security plan.  
2. Identity Management —  Allow University faculty and staff to request access to your systems and data with an automated process using the Federated Authorization Community.
3. Authentication — Add an additional layer of security to online accounts with Pitt Passport by requiring two “factors” of identity verification.
4. Physical Security — Validate and add physical access to restricted areas managed by Pitt IT. Examples of these areas include the DataCenter, Telecom Closets and Offices belonging to Pitt IT.
5. Remote Support — Provide safe and secure remote IT support to customers with BeyondTrust Secure Remote Support (SRS), which enables support providers to connect, control, and share files with customer devices in a secure environment.
6. Encryption Management — Protect your accounts and networks with Outlook Email Encryption for your University email and InCommon and USERTrust Certificates for using University internet.
   • Outlook Email Encryption Security Guide
   • How to Install the InCommon and USERTrust Certificates

2. Incident Management

The goals of incident management are to restore an affected service operation to normal as quickly as possible and to minimize the impact on business operations, thus ensuring the best possible levels of service quality and availability are maintained.

Detection and Investigation

Pitt IT Security utilizes a robust and layered array of centralized security measures to help protect the University. These measures include application monitoring, enterprise network firewalls, network monitoring, proactive auditing, VPN solutions, security reviews of third-party vendors, advanced detection and prevention tools, and more.

Exception Handling

In rare instances, schools or departments may seek an exception for their IT environment to allow for a practice that does not comply with a University standard. In these cases, requests should be submitted to helpdesk@pitt.edu or by calling Call 412-624-HELP (4357). The Pitt IT Security Threat and Incident Management team will evaluate the request and provide guidance on proceeding safely and securely.

Security Incident Response

Pitt IT Security helps to protect University computer systems by working with departments to quickly respond to security incidents, including compromised computers, at-risk servers, and data breaches that result in the unauthorized disclosure of University Information. Learn more about Incident Response.

3. Investigations and Forensics

Legal

At the request of the Office of General Counsel, Pitt IT Security will assist in the recovery, investigation, examination, analysis, and production of material found in digital devices and enterprise systems.

Law Enforcement

At the request of Law Enforcement, Pitt IT Security will assist in the recovery, investigation, examination, analysis, and production of material found in digital devices and enterprise systems.

4. Threat Detection and Response

Threat Hunting

Pitt IT Security will proactively search for cyber threats that are undetected in departmental and University networks. This practice identifies malicious actors that have slipped past initial endpoint security defenses of IT environments.

Penetration Testing

Pitt IT Security intentionally launches simulated cyberattacks that seek out exploitable vulnerabilities in computer systems, networks, websites, and applications.

5. Vulnerability Management

Vulnerability management is the process in which vulnerabilities in the managed systems are identified, the risks of these vulnerabilities are evaluated, corrective actions are taken for removing the risks, or the involved risk is accepted by the authorized senior director for the department and approved by the Chief Information Security Officer.

Vulnerability management process steps

1. Identification — Asset and system inventory, and scanning of assets
2. Assessment — Assessment of identified vulnerabilities and the criticality of the systems
3. Mitigation — Remediation of the discovered vulnerabilities and risk acceptance for the university assets and information systems when justified
4. Reporting — Reporting of vulnerabilities to key stakeholders for at-risk systems

6. Security Operations

Automation

The Pitt IT Security Threat and Incident Management team can collect inputs from many security, network, and system tools to automatically triage potential threats to the University network.

SOC Management

Pitt IT Security monitors and triages procedural alerts that can’t be automated 24/7/365 by utilizing the Security Operations Center.

Security Tool Administration

Pitt IT Security ensures that security tools are updated and tuned for optimum functionality.