Cybersecurity, Emergency Incident, Contacting Security

How to contact the Cybersecurity Operations Center on-call responder in an emergency.

Cybersecurity breach or other cybersecurity emergency? 

IF YOU DISCOVER A PROBABLE BREACH  

STOP!

  • Do not power anything off.
  • Do not remove anything from the network yet if at all possible.
  • Do not mess with any of the affected things if at all possible.
  • Before you do anything, Security needs to work towards understanding, containing, mitigating, and ultimately recovering the incident. Messing with the system can complicate or disrupt campus’ ability to do those things, so please take two steps back and breathe.
REPORT IT IMMEDIATELY
Cybersecurity Operations Center (CSOC) 24-hour critical response:
265-0000 (option 3)
  • If you are not the Security Liaison for your unit, notify and involve your unit Security Liaison as well. If you do not know who your Security Liaison is, your CSOC responder can assist.

Other important security incident or event, or notification?

You can report via email to security@illinois.edu
Also, see KB 56730 for detailed guidance

Reports submitted to this address are evaluated and triaged, at longest, once every 24 hours.

Non-emergency security questions and requests can be sent to securitysupport@illinois.edu


Tips:
If you are not a security liaison for your unit and are in need of emergent or critical security assistance, notify and involve your designated Security Liaison.

See https://go.illinois.edu/csoc for more details on the Critical Event Response team, what they do, and what to expect



Keywords:information security, security, cybersecurity, incident, breach, impact, event, report, emergency, critical, compromise, malware, phishing, contact, urgent, cyber, trouble, support   Doc ID:89561
Owner:Security S.Group:University of Illinois Technology Services
Created:2019-02-06 15:08 CSTUpdated:2019-06-27 11:43 CST
Sites:University of Illinois System, University of Illinois Technology Services
Feedback:  1   0