...

We all have a shared responsibility to protect the systems and data we are responsible for and to follow NCSA and University policies and standards. Recognizing that hunting against systems may sometimes be disruptive, NCSA IRST takes extra precautions when hunting from privileged positions inside the NCSAnet (such as limiting scan rates and carefully monitoring for disruptions). Furthermore, NCSA IRST will inform system owners before any directed or manual penetration testing to help avoid tests during a critical operational window, though such testing will not generally perform any actions that a malicious threat on the Internet could not do at any time. And if one of the automated scans is causing disruptions, IRST will work with the service operator to mitigate the effects and prevent future problems.

...

The security team is not the owner of risks, and sometimes neither is the system operator. When problems are identified that are not simple policy compliance, IRST will make recommendations for remediation. For simple issues this may just be a single ticket, and for more complex issues it may require meetings and a remediation plan from the service operator. Significant risks will also be raised to the Security Office when the attention of senior management is appropriate.

...