UC Davis Cyber-Safety Program: Incident Response Plan
If you are a computer user within an academic or administrative department on campus, you may have a Technology Support Coordinator (TSC) who is working to secure your system. Before taking any of the security steps listed below, please check with your TSC.
From the UC Davis Cyber-Safety Program Policy:
"Campus units must develop, publish and maintain an incident response plan. An incident response plan will identify immediate action to be taken upon incident discovery, investigation, restoration and reporting."
Back to Cyber-Safety Main
Information...
What is an incident response plan?
UC Davis, like many higher education institutions, is a frequent target of unauthorized attempts to view, manipulate, or damage campus computer systems, networks and/or data. Such unauthorized activity may threaten the availability, integrity and/or confidentiality of electronic data. Along with the increasing number of security vulnerabilities and security breaches reported each year, security incidents have become more sophisticated, damaging and more expensive to recover from. Organizations need to formalize their processes to identify, analyze, investigate and report on computer and network security incidents. The resulting incident response plan should provide a clear direction for:
- Controlling and managing the incident,
- Timely investigation and assessment of the severity of the incident,
- Recovery or bypass of the problem source,
- Notification of the incident to senior campus administrators,
- Preventing similar incidents in the future.
Why is this important?
Many organizations do not have a process for responding to computer security incidents. Regardless of the level of technology investment, security-related hardware and software cannot prevent all attacks. At some point, a security breach will occur. Units without a plan may respond to the incident in a less coordinated, efficient or effective manner, and may experience greater damage and a prolonged recovery period.
Campus sysadmins recommend...
Tools and Resources...
- Draft UC Davis Incident Response Plan (PDF)
- Computer Security Incident Response Planning , Internet Security Systems (PDF)
- EDUCAUSE: Effective Security Practices Guide - Incident Handling and Response
- NIST: Computer Security Incident Handling Guide (PDF)
- IET Unit Incident Response Plan Template (PDF)