Cyber-Security Incident Handling Standard
RIT has created a process for handling computer incidents to ensure that each incident is appropriately resolved and further preventative measures are implemented.
Cyber-Security Incident Handling Standard
- Current Incident Handling Standard (supersedes previous version, comply by 1/23/15)
Who does the standard apply to?
- The standard primarily applies to administrators of RIT-owned or leased computing devices.
- The standard also applies to users of personally-owned or leased devices should the incident involve RIT resources.
What is an incident?
Incidents include the following types of events:
- Physical loss of a computing device (including storage devices)
- Detection of unauthorized users accessing a computing device
- Discovery of malware on a computing device
- Discovery of critical vulnerabilities or improper configuration that could result in a breach of information
What do I have to do?
| Group | Action Needed |
|---|---|
| Everyone | If the incident involves the loss or theft of a device containing Private, Confidential or Operationally Critical information, you should immediately file a report with Public Safety. |
| Self-supported users |
|
| Users supported by Systems Administrators |
|
| System Administrators |
|
Resources
- Incident Handling Flowchart (rev. 11/16/15)
- Report a Computer Incident If you suspect a cybersecurity incident, immediately report it by calling the RIT Service Center at 585-475-5000, or on the web at help.rit.edu. When reporting by phone after hours, there is a prompt to speak to the on-call person in an emergency. Follow the cybersecurity incident handling instructions as described on the Information Security Office website.