Skip to Content

Division of Information Technology

Compromised System Response Procedure

Date Issued: June 27, 2022
Date Effective:June 27, 2022
Owner: UISO - University Information Security Office

Purpose

The purpose of this procedure is to establish a process for the initial evaluation, escalation, and remediation of computer compromise by malicious code or other forms of intrusion.

As recommended methodology is revised, and as resources become available for improved secure implementation of data systems, it is the intent of the UISO to revise this procedure accordingly.

Scope

This procedure applies to:

  • all systems owned by the university, when exhibiting symptoms of compromise.

Definitions

In the context of this document, the following terms are used as indicated here:

  • system - a computer (physical or virtual), a network device, or a cloud service (PaaS, SaaS, IaaS).

Process

IMPORTANT: Any access or alteration to the system will impact a potential breach investigation.

  1. Do not access or alter the system in any way until the UISO clears you to do so.
  2. Ask the user or administrators involved if restricted data (e.g. SSNs, credit card numbers, grades, medical information) are stored or processed on the system.                               
  3. Immediately contact the University Information Security Office (UISO) with the following information:
    • A description of the type(s) of data processed or stored on the system
    • User's name and account IDs
    • System name
    • A description of the system
    • IP address
    • Description of symptoms
    • Time of first observed symptoms
  4. If the system does handle sensitive data, the UISO will perform incident response.
  5. If the system does not handle sensitive data, the unit will verify the intrusion and follow the organization's procedures for cleaning the system.

Responsibility for Implementation

The technician assigned to remediate the compromise is responsible for following this procedure.

Enforcement and Consequences

Failure to comply with this procedure could result in serious legal and/or public relations consequences for the university. Any person found in violation may face disciplinary action as appropriate.

Challenge the conventional. Create the exceptional. No Limits.

©