Cybersecurity Incident Response

About this service

Description: Critical event response is a function of the Cybersecurity Operations Center, whose goal is to mitigate critical risks and impacts to the university. It exists as a fundamental part of Security’s charge, obligations, provisions, and directives presented to it under the Campus Administrative Manual, “Appropriate Use of Computers and Network Systems.”

How do I contact Critical Event Response?
Report incidents or other urgent security events by emailing security@illinois.edu
If it’s urgent, call the 24×7 on-call responder at 217.265.0000, option 3
(Note: For general questions or non-urgent security support, email securitysupport@illinois.edu)
What do they do?

  • Incident intake, triage, validation, and response
  • Vulnerability/exposure intake, triage, validation, and response
  • Threat intake, triage, validation, and response

“Response” can include one or more of the following:

  • Situation containment
  • Mitigation
  • Critical consultation

Who do they do it for?
University of Illinois (BOT, administration, by charter)

What timelines are standard?
Event triage within 24 hours of notice or detection.

  • Low severity events will be picked up no more than 96 hours from the time of triage.
  • Medium severity events will be picked up and worked no more than 48 hours from the time of triage.
  • High severity events will be picked up and worked no more than 4 hours from the time of triage.
  • Critical severity events will be picked up and worked no more than 1 hour from the time of triage.
    • Mitigation of critical events enacted on a prioritized “ASAP” premise.

As-needed emergent engagement with leadership enacted when administrative process is required due to standing requirements, commitments, laws, policies, or procedures.

Continual monitoring, scanning, intelligence gathering, and network interrogation techniques to be employed for the purpose of detecting cybersecurity vulnerabilities, threats, exposures, breaches, anomalous activity, risks borne from noncompliance, cybersecurity incidents, misconfigurations, or other activities and conditions which may contribute to the risk posture of the university.

Notification provided to owners of record after mitigation actions are taken, as soon as is practical. A best-effort process will be employed to contact security liaisons and/or stewards. Process assumes contacts are registered and findable in the CDB, Security Liaisons registry, or otherwise immediately identifiable using established university enterprise constructs.

Possible Impacts
Critical Event Response’s main purpose is to mitigate and investigate critical cybersecurity conditions, incidents, and events. Since such events are commonly unplanned, this function can impact critical university operations adversely and without prior notice.

Deviations of Process
Any request to change mitigation or incident response processes or outcomes should be addressed to the Chief Privacy and Security Officer, carbon copying security@illinois.edu.
Other names: Cybersecurity Critical Event Response
Documentation links: https://techservices.illinois.edu/cybersecurity-operations-center-critical-event-response/
Features and tools: Not Applicable

Getting and using this service

Who can use the service: Faculty/Staff
Undergraduate Students
Graduate/Professional Students
Retirees
Other(s): Cybersecurity Incident Response provides support for the University of Illinois at Urbana-Champaign, University of Illinois Springfield, and the university system offices at those locations.
How to get the service:
How do I contact Critical Event Response?
Report incidents or other urgent security events by emailing security@illinois.edu
If it’s urgent, call the 24×7 on-call responder at 217.265.0000, option 3
(Note: For general questions or non-urgent security support, email securitysupport@illinois.edu)
Cost: There is no cost to use the service offering. Cybersecurity Incidents as a whole may incur various costs to contain, eradicate, and recover from.
Usage constraints:
What timelines are standard?
  • Event triage within 24 hours of notice or detection.
  • Low severity events will be picked up no more than 96 hours from the time of triage.
  • Medium severity events will be picked up and worked no more than 48 hours from the time of triage.
  • High severity events will be picked up and worked no more than 4 hours from the time of triage.
  • Critical severity events will be picked up and worked no more than 1 hour from the time of triage.
    • Mitigation of critical events enacted on a prioritized “ASAP” premise.

Support and Hours

How to get help:
How do I contact Critical Event Response?
Report incidents or other urgent security events by emailing security@illinois.edu
If it’s urgent, call the 24×7 on-call responder at 217.265.0000, option 3
(Note: For general questions or non-urgent security support, email securitysupport@illinois.edu)
Training and consulting opportunities: Not Applicable
Maintenance hours: Not Applicable
Lifecycle stage: Production
Provided by: Technology Services