DoIT Incident Handling Procedures

Detection
- User notifies DoIT upon discovery of potential incident
- DoIT confirms the incident
- DoIT classifies the incident as High-Risk or Low-Risk and documents what has happened
- DoIT communicates with management as appropriate on what is going on

Containment
- Take the steps needed to prevent the incident from spreading
- Document the containment steps

Remediation
- Determine incident cause based on the information gathered during the detection process
- Determine how the attack was executed
- Remove the threat
- Perform a vulnerability assessment and remediate the vulnerability
- Return the system to a trusted state

Resolution
- Check the system for any changes from its original state
- Test the system functionality for production
- Restore the system to production
- Monitor the system for any further incidents

Closure
- Complete a report on the incident for management and incident staff