Incident Response

Maintaining the confidentiality, integrity, and availability of systems and data is a risk management issue for all organizations, including the University of Miami. Furthermore, as more personally identifiable information is collected and systems and processes become increasingly complex, regulations continue to impose requirements on the University to protect that information.

The Information Security Office (ISO) oversees the UMIT Incident Response Program and orchestrates each incident response declaration from inception through resolution and post-incident review. When an incident is detected, the ISO identifies the appropriate incident handler(s) and coordinates the resources needed, external or internal, to address the threat. The ISO guides each incident response from a best practice perspective and ensures post-incident reviews are conducted to examine root causes, evaluate the quality of the response, and determine if remedial action is necessary. In terms of the overall incident response program, the ISO coordinates incident response training to develop the appropriate skill sets throughout all the UMIT disciplines to respond to various threats as they arise.

A security incident is:

  • An event involving any aspect of information technology that is not part of standard operations and has the potential to cause harm to University data resources and reputation and/or financial loss.
  • An event that impacts or has the potential to impact the confidentiality, availability, or integrity of UMIT resources.

Standards, procedures, and guidelines regarding security incident response are found here.

Specific procedures vary depending on the type of incident, but all procedures include the following steps:

  1. Discovery
  2. Documentation
  3. Notification
  4. Acknowledgment
  5. Containment
  6. Investigation
  7. Resolution
  8. Closure

To coordinate the response to and resolution of security incidents, the University of Miami has established an Incident Response Team led by the Information Security Office. The Incident Response Team is composed of UMIT staff and others as appropriate for the incident. The Incident Response Team:

  • Has primary authority in response decisions for IT security incidents
  • Coordinates incidents from discovery through resolution and closure
  • Assesses threats to IT resources
  • Determines vulnerabilities of IT resources
  • Processes IT security complaints or incidents reported by others
  • Alerts campus IT workers of active threats