IT Security Incident Response is about responding to potential security incidents, while maintaining confidentiality, integrity, and availability (CIA) of any Institute-owned IT assets, particularly those classified as moderate, high, and business critical. The response must be conducted in a consistent manner in order to promptly restore operations, while following any industry (e.g., PCI) and government (e.g., HIPAA, FERPA, GDPR) standards to prevent the possibility of fines and loss of data. The response must also be properly documented for reporting requirements. Please be sure you are familiar with the following responsibilities from UTIA IT0122P - Information Security Incident Response and Reporting Procedures.

End User Responsibilities​​

​​Stop all work on the computer and contact your local IT representative or the OIT HelpDesk at (865) 974-9900.

Advise the local IT representative or OIT H​elpDesk if your system is classified as low, moderate, high, or business critical.

​Local IT/OIT HelpDesk Responsibilities

Quickly and briefly investigate system anomalies to assess if an information system security incident is in progress or has occurred. 

Create a FootPrints ticket, completing all mandatory fields, marking the ticket request type as Incident. If a security incident has not occurred, mark the ticket request type as Service Request.

If the system is classified as moderate, high, or business critical:
  1. Do not turn the system's power off 
  2. Disconnect all network connections 
  3. Contact the UTIA Chief Information Security Officer (CISO) at once
  4. Wait for direction from the incident response team before taking any further action
If the system is classified as low:
  1. Run necessary scanning services as listed on UTIA Security website
  2. Contact UTIA CISO for additional support, if necessary
  3. Remediate the system by reimaging or per other departmental guidelines if necessary (i.e., scan hard drive with additional tools, rebuild, etc.)
  4. Update the ticket in FootPrints, logging results
Local IT/OIT will close FootPrints security tickets for systems classified as low, while the UTIA CISO will review and close all tickets for systems classified as moderate, high, or business critical, as related to security incidents.

​UTIA CISO Responsibilities

Work with the Incident Response Team, as determined by the CISO, and/or the appropriate external party(s) to ensure that all response requirements are followed.

Ensure that all reporting requirements are met.

​​