DoIT Incident Handling Procedures

  1. Detection

    • User notifies DoIT upon discovery of potential incident
    • DoIT confirms the incident
    • DoIT classifies the incident as High-Risk or Low-Risk and documents what has happened
    • DoIT communicates with Management as appropriate on what is going on
  2. Containment

    • Take steps needed to prevent incident from spreading
    • Document Containment steps
  3. Remediation

    • Determine incident cause based on the information gathered during the detection process
    • Determine how the attack was executed
    • Remove the threat
    • Perform a vulnerability assessment and remediate the vulnerability
    • Return the system to a trusted state
  4. Resolution

    • Check the system for any changes from the original state of the system
    • Test the system functionality for production
    • Restore system to production.
    • Monitor the system for any further incidents
  5. Closure

    • Complete report on incident to management and incident staff.
