It is important that you report actual or suspected IT security incidents as soon as possible so that work can begin to investigate and resolve them.
Refer to the complete College of Engineering Incident Response Procedure for further guidance.
- During the First 10 Minutes
  - Contain the incident:
    - restrict network access, disable remote access, do NOT use the machine
  - Preserve evidence:
    - collect volatile data such as memory contents, process information, network activity, etc. (CoE IR Toolkit)
  - AVOID:
    - running anti-virus software, powering down the machine, or attempting any kind of unilateral mitigation procedure
  - Identify if the machine contains Sensitive Data.
    - Sensitive data refers to data whose unauthorized disclosure may have a serious adverse effect on the university’s reputation, resources, services, or individuals. Data protected under federal or state regulations, or due to proprietary, ethical, or privacy considerations will typically be classified as sensitive.
      - Examples: student records, sensitive research data, FISMA data, and other sensitive data types
    - Ask the user if the device has any data that, if made public, would hurt the university’s reputation.
    - If it is found that the device does contain sensitive data – CONTACT [email protected] and await further instructions.
- During the First 24 Hours
  - Report all incidents to [email protected]
    - Serious incidents must also include [email protected]
      - Refer to Severity Assessment guidelines to determine if serious
    - Provide as much information as possible including:
      - Your name
      - Department
      - Email address
      - Telephone number
      - Description of the IT security problem
      - Identification of the host(s)
      - Date and time the problem was first noticed (if possible)
      - Sensitive data type(s) accessed or maintained by the host(s)
      - Any other known resources affected
  - Alert business owners and leadership, advising them to keep all details confidential until further notice