Cybersecurity, Reporting and responding to compromised websites, servers, services, applications, solutions, and other assets
A website, solution, or server that I run has been compromised. What are the requirements, next steps, and expectations?
When you discover a security event such as a compromised website, service, or server:
- If there is a breach probable use the emergency KB instead
- Contact the Cybersecurity Operations Center (CSOC) via email at firstname.lastname@example.org
to coordinate incident response.
- Contact your Security Liaison
If you receive an incident notice from the CSOC about a compromise:
- Respond immediately
- Communicate with the CSOC the steps you've taken to contain, fix, or otherwise mitigate impact arising from the event.
- Security may filter assets from the network or otherwise mitigate the compromise if warranted or if no timely response is received.
- It is critical that you inform Privacy and Security if your asset stores, processes, or transmits sensitive information or has access to sensitive or high-risk information.
See https://go.illinois.edu/csoc for more details on the Privacy & Security Critical Event Response team, what they do, and what to expect