Local IT/OIT HelpDesk Responsibilities
Quickly and briefly investigate system anomalies to assess if an information system
security incident is in progress or has occurred.
Create a FootPrints ticket, completing all mandatory fields, marking the ticket request type as Incident. If a security incident has
not occurred, mark the ticket request type as Service Request.
If the system is classified as moderate, high, or business critical:
- Do not turn the system's power off
- Disconnect all network connections
- Contact the UTIA Chief Information Security Officer (CISO) at once
- Wait for direction from the incident response team before taking any further
action
If the system is classified as low:
- Run necessary scanning services as listed on UTIA Security website
- Contact UTIA CISO for additional support, if necessary
- Remediate the system by reimaging or per other departmental guidelines if
necessary (i.e., scan hard drive with additional tools, rebuild, etc.)
- Update the ticket in FootPrints, logging results
Local IT/OIT will close FootPrints security tickets for systems classified as low, while the UTIA CISO will review and close all tickets for systems classified as
moderate, high, or business critical, as related to security incidents.