Report a Problem

Information Security - Report a Problem

Click on the link that most closely fits your situation and write a brief note:

E-mail

Viruses

Payment Card-Related Incidents

Other Security-related Incidents

Western's Computer Security Incident Response Process

When incidents are reported to ITS, the following computer security incident response process - developed based on best practices in the field of information security - is used by the ITS Information Security Office and a supporting CSIR Team.

The central role played by the ITS Information Security Office, and more specifically by the ITS Central Information Security Officer, provides many benefits to the University community, including:

  • Use of latest incident response technologies and techniques;
  • Consistent incident handling with a dynamic CSIR Team based on technical specifics of the incident;
  • Feedback of lessons learned into the CSIRT process;
  • Aggregation and reporting of anonymized incident information in support of ongoing risk analysis/ risk management efforts and more.

UWO Computer Security Incident Response Process (High Level)

Click on the image above, or here, to open the process flow in a new browser window.  Contact the ITS CISO for further information about incident response processes at the University of Western Ontario.  An accessible text version of the image is available below:

Accessible Transcript

UWO CSIRT Processes (High-Level)

Preparation

  • Ongoing by UWO ITS (CISO, Security Working Group, Network Security Office, and others)

Detection

  • HelpDesk Reports (to ITS)
  • IDP Events (NSO)
  • FW Events (NSO/ITS)
  • SysAdmin Reports (ITS/others)
  • HW/SW Alerts (many)

Triage and Response

  • Categorize, Prioritize, and Assign (CISO/ITS)
  • Technical Response (ITS/others)
  • Management/Legal Responses (CISO/others)
  • Incident Closure (CISCO/ITS/others)
  • Lessons Learned (CISO/ITS/others)

Protection

  • Ongoing by UWO ITS (CISO, Security Working Group, Network Security Office, and others)

Published on  and maintained in Cascade CMS.