When does incident response occur?
In accordance with University IT Policy 3.00, the University Information Security Office is responsible for coordinating and investigating information security incidents. A security incident has occurred anytime there has been unwanted activity that may affect the confidentiality, integrity, or availability of an IT system, including unauthorized access to systems.
During the incident response process, the university follows the industry standard processes of preparation, identification, containment, eradication, recovery, and lessons learned.
The Incident Response Procedure
The documents linked below illustrate the university-wide Information Security Incident
Response Procedure. Sub-procedures within the overall process are maintained with
the respective organizational units.
- Incident Response Management Overview [pdf] - Diagrams the management hierarchy and duties for incident response.
- Incident Response Procedure Swimlane [pdf] - Swimlane diagram of the Procedure for sensitive data incident response.
- Compromised System Response Procedure - Describes the initial process to be followed when compromise of a university system is detected.