Cybersecurity, Reporting and responding to compromised websites, servers, services, applications, solutions, and other assets

A website, solution, or server that I run has been compromised. What are the requirements, next steps, and expectations?

When you discover a security event such as a compromised website, service, or server:

  1. If there is a breach probable, use the emergency KB instead
  2. Contact the Cybersecurity Operations Center (CSOC) via email at security@illinois.edu to coordinate incident response.
  3. Contact your Security Liaison
If you receive an incident notice from the CSOC about a compromise:
  1. Respond immediately
  2. Communicate with the CSOC the steps you've taken taken to contain, fix, or otherwise mitigate impact arising from the event. 
  3. Security may filter assets from the network or otherwise mitigate the compromise if warranted, or if no timely response is received.
  4. It is critical that you inform Privacy and Security if your asset stores, processes, or transmits sensitive information; or has access to sensitive or high-risk information.


See https://go.illinois.edu/csoc for more details on the Privacy & Security Critical Event Response team, what they do, and what to expect




Keywords:Security Hacked server OPIA compromise breach response malware crack pwned cybersecurity csoc sensitive   Doc ID:56730
Owner:Security S.Group:University of Illinois Technology Services
Created:2015-09-24 15:27 CDTUpdated:2019-06-27 13:53 CDT
Sites:University of Illinois System, University of Illinois Technology Services
Feedback:  0   0