Incident

Technical Resources

Technical Resources

This section of the website contains links to tools and documentation specifically for use by administrators. Scroll to the bottom of the page to access these resources.

What are my responsibilities as an administrator?

You are responsible for ensuring that all web resources, computers, servers, network devices, and any other types of computing devices that you support comply with all published standards.

You are also responsible for prompt reporting of computer incidents to the ISO in accordance with the Computer Incident Handling Standard.

Computer Incident Handling Resources

Security Checklists

Exceptions

The Information Security Office has provided a method for obtaining an exception to compliance with the published security standards.

Questions

If you have any questions or feedback about specific information security requirements, please e-mail us at infosec@rit.edu.

Computer Incident Handling Standard

Computer Incident Handling Standard

RIT has created a process for handling computer incidents to ensure that each incident is appropriately resolved and further preventative measures are implemented.

Who does the standard apply to?

  • The standard primarily applies to administrators of RIT-owned or leased computing devices.
  • The standard also applies to users of personally-owned or leased devices should the incident involve RIT resources.

What is an incident?

Incidents include the following types of events:

  • Physical loss of a computing device (including storage devices)
  • Detection of unauthorized users accessing a computing device
  • Discovery of malware on a computing device
  • Discovery of critical vulnerabilities or improper configuration that could result in a breach of information

What do I have to do?

Group Action Needed
Everyone If the incident involves the loss or theft of a device containing Private, Confidential or Operationally Critical information, you should immediately file a report with Public Safety.
Self-supported users If the device contains Private, Confidential or Operationally Critical information, contact your support organization immediately.
If the device does not contain Private, Confidential or Operationally Critical information, you can attempt to resolve the issue on your own.
Users supported by Systems Administrators Contact the ITS HelpDesk if you cannot resolve the problem on your own. If they discover high risk threats, they will engage the Computer Incident Handling process
Report any suspicious computer activity to your support organization. Anything from a drastic slowdown in computer performance to something as simple as the cursor moving around on its own constitutes suspicious activity.
System Administrators Report the incident to the Information Security Office.
Read and understand the Computer Incident Handling Standard and the process flow chart before an incident occurs! Quick action is essential to minimizing damage, so know what needs to be done ahead of time.
Visit the Systems Administrators Resources page to find tools and additional information

Resources

Computer Incident Handling Standard

 

Subscribe to RSS - Incident