INFORMATION SERVICES

Help Desk - Security

Incident Response Procedures

All security incidents (or suspected incidents) involving a computer containing University confidential or personal information must be reported immediately to the IT Security Office. In the event that one of your computer systems has been compromised, please follow the procedures below:

IMMEDIATELY UNPLUG the network cable from your computer. DO NOT unplug the power cable and do not shut off the machine.

CALL the IT Security Office at 509-335-3900 (8:00am to 5:00pm), or contact the ITS Network Operations Center at 509-335-4949 (24 hours a day, 7 days a week). If you contact the Network Operations Center, have them contact the IT Security Office or the University Information Security Officer. Please send details of the incident to abuse@wsu.edu.
IT IS CRITICAL that you speak to a human being. Do not simply leave voice mail or send email.

DO NOT attempt to log in to, touch, or alter the compromised system in any way. Any of these actions may destroy critical forensic evidence needed to resolve the incident.

DO NOT take any other actions until advised by the IT Security Office.

DO NOT talk about the incident with anyone other than the members of the response team unless authorized to do so.

RAPID RESPONSE IS ESSENTIAL. Immediately containing and limiting the compromise is the top priority. Individuals whose data are compromised expect timely notification so that they can monitor and protect their accounts.

Information Technology Services, PO Box 641222, Washington State University, Pullman WA 99164-1222, 509-335-4357