Incident Response - For Users

From Security Wiki
Revision as of 20:50, 28 February 2012 by Ssakai

Scope

This document applies to all individuals authorized to use SDSC's IT resources. The actions and processes prescribed in this document apply to situations involving any SDSC Host (as defined in the SDSC Security Policy) as well as any of the IT resources provided by SDSC.

Background

Incident response does not involve only IT and security staff. Users, such as yourself, play a big part too, as they are often the first to notice something "odd". However, with respect to incident response, users also have the ability to do the most damage. By attempting to investigate an incident on their own, a user may inadvertently destroy evidence or warn the intruder that we know of their presence.

The procedures described in this document are designed to provide an effective means of transferring the responsibility of handling an incident or potential incident from the user to security staff with minimal loss of evidence and risk of alerting an intruder. We encourage you to make use of this process whenever you suspect an incident, not only when you know one has occurred.