Appendix E: DIRT

Data Incident Response Team (DIRT)

In order to respond to and recover from data security breaches, MIT established a Data Incident Response Team. When a compromise of data is suspected, a report is sent to DIRT, whose responsibilities are to:

  • Alert: Immediately notify all members of the team that a possible data incident occurred. Subsequently, keep the team members aware of the status of the incident.
  • Respond: Get in touch with the contact person for the machine in question -- if related to an electronic data incident -- to remove it from the network.
  • Investigate: Determine as soon as possible the full scope of the incident: what types of data were involved, the cause of the problem, and if PIRN had been exposed.
  • Notify: If an incident leads to exposure or if the team has reason to believe that information was acquired or used by unauthorized persons for an unauthorized purpose, the team initiates appropriate notification processes, in accordance with relevant laws, regulations, and contract requirements, so that counter-measures can be taken to protect the affected individuals against fraud and identity theft.
  • Document: Any actions taken in connection with an incident are documented and a post-incident review of events is conducted in order to record changes in business practices relating to the protection of PIRN.

Contact the team at infoprotect@mit.edu
Coordinator: Harry Hoffman