What describes the immediate action taken to isolate a system in the event of a breach?
Procedure for Responding to a Compromised Computer
Purpose

The purpose of this Procedure is to provide step-by-step instructions for responding to an actual or suspected compromise of Carnegie Mellon's computing resources.

Applies To

This Procedure applies to anyone using Carnegie Mellon University's computing resources that suspects that the security or privacy of these resources has been compromised. This Procedure also applies to situations where there has been no compromise but someone suspects their computing resources are actively being attacked. This Procedure does not apply to computing resources owned by students.

Definitions

All terms and definitions in this document can be located in the Information Security Office Glossary.

Regulatory Requirements

Carnegie Mellon University is required by various state and federal regulations to investigate any incident that may involve the breach of personally identifiable information. Carnegie Mellon University is also required to notify an individual if the privacy of their personally identifiable information has been breached. Failure to preserve evidence or conduct an investigation related to a compromised computer could result in unnecessary financial costs for the institution.

It is also important that the details of a compromise and the ensuing investigation remain confidential. All communications related to a compromise should be coordinated with the Information Security Office and the Office of General Counsel. Any contact with law enforcement should be immediately referred to or authorized by the Office of General Counsel.

Procedure

The following steps should be taken to respond to an actual or suspected compromised computer:
Revision History