Turn on more accessible mode Turn off more accessible mode Skip Ribbon Commands Skip to main content Go To Top Anchor

UTIA Family, please refer to utk.edu/coronavirus for the latest updates and student information. For UTIA-specific resources, including event information and county office status, please visit utia.tennessee.edu/coronavirus

Agriculture of Tennessee Home Page Link
  • UT System
  • UTK
  • MyUTK
  • OneDrive
  • Online@UT
  • Email
  • A-Z
  • People
  • Institute
  • Academics
  • AG Research
  • Extension
  • Veterinary
Search
UTIA Information Security Program
  • Security Awareness
  • Incident ResponseCurrently selected
  • PCI
  • HIPAA
  • FERPA
  • GDPR
  • Policies and Procedures
  • Services
  • Committees
UT Institute of Agriculture > UTIA Information Security Program > Incident Response

Incident Response

Page Content


IT Security Incident Response is about responding to potential security incidents, while maintaining confidentiality, integrity, and availability (CIA) of any Institute-owned IT assets, particularly those classified as moderate, high, and business critical. The response must be conducted in a consistent manner in order to promptly restore operations, while following any industry (e.g., PCI) and government (e.g., HIPAA, FERPA, GDPR) standards to prevent the possibility of fines and loss of data. The response must also be properly documented for reporting requirements. Please be sure you are familiar with the following responsibilities from UTIA IT0122P - Information Security Incident Response and Reporting Procedures.

​
Page Content 2

End User Responsibilities​​

​​​Stop all work on the computer and contact your local IT representative or the OIT HelpDesk at (865) 974-9900.

Advise the local IT representative or OIT H​elpDesk if your system is classified as low, moderate, high, or business critical.

​
Page Content 3

​Local IT/OIT HelpDesk Responsibilities

Quickly and briefly investigate system anomalies to assess if an information system security incident is in progress or has occurred. 

Create a FootPrints ticket, completing all mandatory fields, marking the ticket request type as Incident. If a security incident has not occurred, mark the ticket request type as Service Request.

If the system is classified as moderate, high, or business critical:
  1. Do not turn the system's power off 
  2. Disconnect all network connections 
  3. Contact the UTIA Chief Information Security Officer (CISO) at once
  4. Wait for direction from the incident response team before taking any further action
If the system is classified as low:
  1. Run necessary scanning services as listed on UTIA Security website
  2. Contact UTIA CISO for additional support, if necessary
  3. Remediate the system by reimaging or per other departmental guidelines if necessary (i.e., scan hard drive with additional tools, rebuild, etc.)
  4. Update the ticket in FootPrints, logging results
Local IT/OIT will close FootPrints security tickets for systems classified as low, while the UTIA CISO will review and close all tickets for systems classified as moderate, high, or business critical, as related to security incidents.

​
Page Content 4

​UTIA CISO Responsibilities

Work with the Incident Response Team, as determined by the CISO, and/or the appropriate external party(s) to ensure that all response requirements are followed.

Ensure that all reporting requirements are met.

​​
Page Content 5
​​

Sandy Lindsey
Chief Information Security Officer
Information Technology Services
The University of Tennessee, Institute of Agriculture

Link to UtIAsecure Facebook Page

G061​ McCord Hall
2640 Morgan Circle Drive
Knoxville, Tennessee, 37996
Phone:(865) 974-7292
Mobile:(865) 806-5224
sandy@tennessee.edu | UTIAsecurity@tennessee.edu 

 



 
Real Life Solutions

The University of Tennessee Institute of Agriculture
Knoxville, TN 37996
Personnel Directory

Disclaimer · Indicia · EEO/AA Statement/Non-Discrimination Statement · Privacy Notice

Sign In