What is Incident Management?
Events that place institutional information or mission critical systems at risk are called information security incidents. Incident management involves preparing for and responding to information security incidents. The incident management procedure consists of identifying, detecting, and determining if an anomaly is an information security incident, and if so:
- Containing and preventing any further damage from happening;
- Eradicating malicious and other illicit content off of the affected system;
- Recovering affected systems and restoring them back into production service(s); and
- Notifying appropriate legal entities when necessary.
What does the Information Security Office do?
The Information Security Office (ISO) directs incident investigations and responses in collaboration with the ISL from affected department(s). ISO also preserves evidence and ensures an audit trail is maintained throughout the incident investigation. As appropriate, the ISO coordinates with other groups on campus, including UNC Police, the Privacy Office, and the Office of University Counsel.
What do I do in the event of a possible incident?
See the Incident Management Procedure.