- What is an incident?
- What is incident handling?
- What is an incident response team?
- To whom should incidents be reported?
In general, an incident is a violation of computer security policies, acceptable use policies, or standard computer security practices. Examples of incidents are:
- An attacker commands a botnet to send high volumes of connection requests to one of an organization’s web servers, causing it to crash.
- Users are tricked into opening a “quarterly report” sent via email that is actually malware; running it has infected their computers and established connections with an external host.
- A perpetrator obtains unauthorized access to sensitive data and threatens to release the details to the press if the organization does not pay a designated sum of money.
- A user provides illegal copies of software to others through peer-to-peer file sharing services.
Incident handling is the process of detecting and analyzing incidents and limiting the incident’s effect. For example, if an attacker breaks into a system through the Internet, the incident handling process should detect the security breach. Incident handlers will then analyze the data and determine how serious the attack is. The incident will be prioritized, and the incident handlers will take action to ensure that the progress of the incident is halted and that the affected systems return to normal operation as soon as possible.
An incident response team (also known as a Computer Security Incident Response Team, or CIRT) is responsible for providing incident response services to part or all of an organization. The team receives information on possible incidents, investigates them, and takes action to ensure that the damage caused by the incidents is minimized.
IT Security Incidents should be reported to the online Service Desk at https://servicedesk.vsu.edu or by contacting the Help Desk at (804) 524-5210 or (877) 394-8535. We will review, investigate, and resolve the incident. Generally, the highest priority is handling incidents that are likely to cause the most damage to the University IT infrastructure.