Incident Handling
Incident Handling refers to those practices, technologies and/or services used to respond to suspected or known breaches of security safeguards.
Once a suspected intrusion activity has been identified as a security-breach incident, it must be contained as soon as possible, and then eradicated so that any damage and risk exposure to the University are avoided or minimized. Information technology security incidents frequently involve deliberate, malicious acts that may be technical (e.g., creation of viruses, system hacking) or non-technical (e.g., theft, property abuse, service disruption). Often, if the incident is left unchecked, then the damage it causes spreads within -- and beyond -- the University.
Handling incidents can be logistically complex, and may require information and assistance from sources outside the University's Department of Information Technologies (such as technical specialists, law enforcement entities such as state police or FBI, and the University Relations office). The University combines both proactive and reactive strategies to deal with IT security incidents. Examples of proactive activities include establishing communication mechanisms to report incidents and to disseminate incident alerts, and identifying technical experts who can provide emergency assistance if needed. Examples of reactive activities include blocking or aborting computer processes, temporarily denying user access or disabling vulnerable services, and deploying patches or inoculation software.
[Adapted from materials provided by the Virginia Alliance for Secure Computing and Networking (VA SCAN -- see http://www.vascan.org)]
University Standards for Incident Handling
- The University maintains an up-to-date Incident Response Plan (IRP), which identifies the responsibilities and actions to be taken in response to incidents.
- The University ensures that out-of-band communication alternatives are established as part of its Incident Response Plan (so that the "compromised" device, platform or medium is not used to notify users or to report the incident).