Date Issued: June 27, 2022
Date Effective:June 27, 2022
Owner: UISO - University Information Security Office
The purpose of this procedure is to establish a process for the initial evaluation, escalation, and remediation of computer compromise by malicious code or other forms of intrusion.
As recommended methodology is revised, and as resources become available for improved secure implementation of data systems, it is the intent of the UISO to revise this procedure accordingly.
This procedure applies to:
- all systems owned by the university, when exhibiting symptoms of compromise.
In the context of this document, the following terms are used as indicated here:
- system - a computer (physical or virtual), a network device, or a cloud service (PaaS, SaaS, IaaS).
IMPORTANT: Any access or alteration to the system will impact a potential breach investigation.
- Do not access or alter the system in any way until the UISO clears you to do so.
- Ask the user or administrators involved if restricted data (e.g. SSNs, credit card numbers, grades, medical information) are stored or processed on the system.
- Immediately contact the University Information Security Office (UISO) with the following information:
- A description of the type(s) of data processed or stored on the system
- User's name and account IDs
- System name
- A description of the system
- IP address
- Description of symptoms
- Time of first observed symptoms
Responsibility for Implementation
The technician assigned to remediate the compromise is responsible for following this procedure.
Enforcement and Consequences
Failure to comply with this procedure could result in serious legal and/or public relations consequences for the university. Any person found in violation may face disciplinary action as appropriate.