Incident response tracking procedure

Published on: October 17, 2013

  • Report sent to security.admin@utoronto.ca.
  • If necessary, the individual submitting the incident report is asked to forward logs, e-mail headers, or other information necessary to assist the University in investigating the incident.
  • The incident is assigned to an individual within ISEA for investigation.
  • The System/Network Administrator responsible for the system from which the incident originated is contacted and asked to investigate.
  • The System/Network Administrator investigating the incident reports his/her findings and actions taken to ISEA.
  • If necessary, the incident is escalated to management for further action (such as authorizing the suspension of network connections, user accounts, etc. as necessary to minimize the effect of the incident on the rest of the University community or outside resources.
  • Once the incident is resolved, the individual who submitted the report is notified and informed on how the status of the incident report.