Cybersecurity, Emergency Incident, Contacting Security
How to contact the Cybersecurity Operations Center on-call responder in an emergency.
Cybersecurity breach or other cybersecurity emergency?
IF YOU DISCOVER A PROBABLE BREACH
REPORT IT IMMEDIATELY
- Do not power anything off.
- Do not remove anything from the network yet if at all possible.
- Do not mess with any of the affected things if at all possible.
- Before you do anything, Security needs to work towards understanding, containing, mitigating, and ultimately recovering the incident. Messing with the system can complicate or disrupt campus’ ability to do those things, so please take two steps back and breathe.
Cybersecurity Operations Center (CSOC) 24-hour critical response:
265-0000 (option 3)
- If you are not the Security Liaison for your unit, notify and involve your unit Security Liaison as well. If you do not know who your Security Liaison is, your CSOC responder can assist.
Other important security incident or event, or notification?
You can report via email to firstname.lastname@example.org
Also, see KB 56730 for detailed guidance
Reports submitted to this address are evaluated and triaged, at longest, once every 24 hours.
Non-emergency security questions and requests can be sent to email@example.com
If you are not a security liaison for your unit and are in need of emergent or critical security assistance, notify and involve your designated Security Liaison.
See https://go.illinois.edu/csoc for more details on the Critical Event Response team, what they do, and what to expect