Security, Responding to compromised websites, servers, services, or assets

A website or server that I am responsible for has been compromised. What are my next steps?

When an administrator of becomes aware of a security event such as a compromised website, service, or server, and have not received a notice or alert from Privacy and Security, they should contact to coordinate the incident response.

If an administrator receives a notice from Privacy and Security about a compromise they should respond as soon as possible and report back the steps taken to contain, fix, or otherwise mitigate any impact arising from the event.  Security may filter assets from the network if warranted, or if no timely response is received regarding the compromised system.

The administrator of the system must inform Privacy and Security of mitigation steps taken, and whether or not the system stores sensitive information or has access to sensitive information.

Keywords:Security Hacked server OPIA compromise breach response   Doc ID:56730
Owner:Security S.Group:University of Illinois Technology Services
Created:2015-09-24 15:27 CDTUpdated:2017-04-14 16:34 CDT
Sites:University of Illinois Technology Services
Feedback:  0   0