Maintaining the confidentiality, integrity, and availability of systems and data is a risk management issue for all organizations, including the University of Miami. Furthermore, as more personally identifiable information is collected, and systems and processes become increasingly more complex, regulations continue to place requirements for the protection of that information on the University.
The Information Security Office oversees the UMIT incident response program and orchestrates each incident response declaration from inception through resolution and post incident review. When an incident is detected, the ISO identifies the appropriate incident handler(s) and coordinates the resources needed, external or internal, to address the threat. The ISO guides each incident response from a best practice perspective and ensures post incident reviews are conducted to examine root causes, evaluate the quality of the response, and determine if remedial action is necessary. In terms of the overall incident response program, the ISO coordinates incident response training to develop the appropriate skill sets throughout all the UMIT disciplines to respond to various threats as they arise.
Standards, procedures, and guidelines regarding security incident response are found here.
Specific procedures vary depending on the type of incident, but all procedures include the following steps:
In order to coordinate response to and resolution of security incidents, UM has established an incident response team led by the UM Information Security Office. The Incident Response Team is composed of UMIT staff and others as appropriate for the incident. The incident response team: