Cybersecurity, Reporting and responding to compromised websites, servers, services, applications, solutions, and other assets

A website, solution, or server that I run has been compromised. What are the requirements, next steps, and expectations?

When you discover a security event such as a compromised website, service, or server:

  1. If a breach is probable, use the emergency KB instead.
  2. Contact the Cybersecurity Operations Center (CSOC) via email at security@illinois.edu to coordinate incident response.
  3. Contact your Security Liaison.

If you receive an incident notice from the CSOC about a compromise:

  1. Respond immediately.
  2. Tell the CSOC what steps you've taken to contain, fix, or otherwise mitigate impact arising from the event.
  3. Security may filter assets from the network or otherwise mitigate the compromise if warranted or if no timely response is received.
  4. It is critical that you inform Privacy and Security if your asset stores, processes, or transmits sensitive information or has access to sensitive or high-risk information.


See https://go.illinois.edu/csoc for more details on the Privacy & Security Critical Event Response team, what they do, and what to expect.



Keywords:
Security Hacked server OPIA compromise breach response malware crack pwned cybersecurity csoc sensitive escalation escalate 
Doc ID:
56730
Owned by:
Security S. in University of Illinois Technology Services
Created:
2015-09-24
Updated:
2023-09-06
Sites:
University of Illinois System, University of Illinois Technology Services