Incident response planning

🎓 Purpose

Preparatory activities, including documenting, training, and testing, are essential to identifying, containing, eradicating, and recovering from a security incident. It is important to act as if you a preparing for when an incident will occur, rather then if. Taking a proactive approach will help you return to normal activities as soon as possible.

👥 Audience

RESEARCHERS ADMIN STAFF IT STAFF

🔖 Contents

Initial considerations

Departmental and divisional incident response plans.

• Contact your local IT group about your department or division’s incident response plan. Ask how your team can or does fit into it.

  • https://uoft-infosec-cf.atlassian.net/wiki/spaces/ISH/pages/4948958/Additional+help#%F0%9F%96%A5%EF%B8%8F-Information-Technology-(IT)

Follow security best practices.

• Preventing an incident is always preferable to recovering from an incident. Enacting the following best practices can reduce the risk of an incident significantly.

  • Best practices to secure systems and environments

\uD83D\uDCD8 What can I do?

Review and adopt the University incident response plan or use it to create your own.

• Every employee at the University should be familiar with the incident response process and able to escalate incidents to their academic, administrative, or technical leadership teams, should an incident arise.

  • https://security.utoronto.ca/framework/standards/incident-security-response-plan/

Report suspected incidents.

• If you suspect a security event or incident is taking place or has occurred, report it.

  • Report a security event or incident