College of Engineering Incident Response

It is important that you report actual or suspected IT security incidents as soon as possible so that work can begin to investigate and resolve them.

Refer to the complete College of Engineering Incident Response Procedure for further guidance.

  • During the First 10 Minutes
    • Contain the incident:
      • restrict network access, disable remote access, do NOT use the machine
    • Preserve evidence:
      • collect volatile data such as memory contents, process information, network activity, etc. (CoE IR Toolkit)
    • AVOID:
      • running anti-virus software, powering down the machine, or attempting any kind of unilateral mitigation procedure
    • Identify if the machine contains Sensitive Data.
      • Sensitive data refers to data whose unauthorized disclosure may have a serious adverse effect on the university’s reputation, resources, services, or individuals. Data protected under federal or state regulations, or protected because of proprietary, ethical, or privacy considerations, will typically be classified as sensitive.
      • Ask the user if the device has any data that, if made public, would hurt the university’s reputation.
      • If the device does contain sensitive data, CONTACT [email protected] and await further instructions.
  • During the First 24 Hours
    • Report all incidents to [email protected]
      • Serious incidents must also include [email protected]
      • Provide as much information as possible including:
        • Your name
        • Department
        • Email address
        • Telephone number
        • Description of the IT security problem
        • Identification of the host(s)
        • Date and time the problem was first noticed (if possible)
        • Sensitive data type(s) accessed or maintained by the host(s)
        • Any other known resources affected
    • Alert business owners and leadership, advising them to keep all details confidential until further notice