Information Security Incident Response

Incident Response Methodology

The Incident Response methodology outlined here is primarily for University departmental contacts and information technology personnel with direct involvement in the identification and resolution of security incidents on the systems, data, and applications which they manage. The University Incident Response Plan addresses events affecting any University information technology resource which may negatively impact the confidentiality, integrity, and/or availability of the resource. Because of the variety of potential incidents, any attempt to take into consideration the technical procedures required to remediate each incident would be incomplete. For that reason, the methodology outlined here does not attempt to address the technical procedures associated with incident handling. The Incident Response Plan provides a framework within which incident response handlers can work to ensure a complete and consistent approach to security incidents.

Employee Responsibilities

It is the responsibility of the employee who discovers a security incident to immediately notify his or her supervisor and to report the incident to the Information Security Office. Timely reporting allows the Information Security team to determine whether further investigation is necessary and limits any further damage or loss of data. To view information on reporting an incident, click here.

IS Support Protocol (Desktop or Mobile)

For suggested guidelines for IS personnel responding to an actual or suspected compromise of a University-owned faculty or staff computing resource, click here.

Incident Response Documents

The following is restricted to personnel directly involved in incident response and therefore requires a username/password to access.