RIT Information Security Office
Computer Incident Response Process
(Laptop or Desktop)
Suspected security
incident identified
Loss or theft of
device?
No
Contact IT support
personnel/ITS
Service Desk
Decryption
Candidate?
ISO support
needed?
Yes
Notification
Yes
Notify Public Safety
No
ITS sends forensics
image to ISO
Yes
IT support creates
forensics image
(memory and disk)
No
Investigation
ISO conduct
investigation/ ITS
assist ISO
investigation as
needed
Containment
ITS assist with
Containment as
required
Eradication and
Recovery
Reimage or remove
threat
Resolution
ISO communicate
Resolution and
lessons learned
Restore to service
Lessons learned
Exit Computer
Incident Response
Process
Exit Computer
Incident Response
Process
For more information, Contact:
Jim Moore, Sr. Information Security Forensics Investigator, direct: (585) 475-5406, e-mail: [email protected]
[email protected]
Http://www.rit.edu/security
Revised 11/16/15
Version 3.11