Security Incident Management and Response

The Information Security Office performs incident management activities with the approval of University executive management and maintains a high level of expertise, including incident-handling certifications. We provide experienced leadership and counsel to individuals and departments faced with a security breach or an unauthorized disclosure of confidential information. The services include:

  • Receipt and processing of reports of suspected security incidents
  • Receipt and processing of abuse and appropriate use complaints
  • Incident containment, forensics, and evidence preservation
  • Coordination with law enforcement and Dean of Students (if applicable)
  • Incident documentation and reporting
  • Stakeholder consultation and assistance with victim notification (if applicable)
  • Assistance with after-incident recovery and/or restoration
  • E-discovery (the location and retrieval of electronically stored information pursuant to a subpoena, litigation hold, or similar mandate)

Implementation and Support

  • Establish and maintain the Computer Security Incident Response Team (CSIRT)
  • University security incident documentation and reporting
  • Incident management between and among University departments and external agencies
  • Law enforcement coordination


  • Incident preparation, identification, containment, eradication, and recovery
  • Initial response to all reported security incidents and appropriate use violations
  • Tracking and logging of all incident activities
  • Digital forensic investigation
  • Establishing, communicating, and implementing incident recovery measures
  • Incident after-action reporting, meetings, and follow-up activities
  • Act as a liaison between law enforcement agencies and the University
  • E-discovery services

Customer Responsibilities

  • Report all security incidents to the Information Security Office
  • Coordinate and cooperate with the Information Security Office if you are involved in a security incident