not mobile

Information Security and ePrivacy

Cyber Incident Management

Print friendly Modified November 16, 2015

USG institution, USO, GPLS, and Georgia Archives management must investigate incidents involving loss, damage, misuse of information assets, or improper dissemination of information. All USG institutions, the USO, the GPLS, and the Georgia Archives are required to report information security incidents consistent with the security reporting requirements as noted in Section 5.10 of this Handbook.

Proper incident management includes the formulation and adoption of a written incident management plan, which provides for the timely assembly of appropriate staff that is capable of developing a response to, appropriate reporting about, and successful recovery from a variety of incidents.

In addition, incident management includes the application of lessons learned from incidents, together with the development and implementation of appropriate corrective actions directed to preventing or mitigating the risk of similar occurrences in the future. All institution, USO, GPLS, and Georgia Archives incident management policies and plans must be on file at USG Information Security & ePrivacy. The USO and the USG CISO will file an electronic copy of the USG-USO Incident Response Plan with the State CISO and the Georgia Bureau of Investigation (GBI), per the State Incident Response Reporting Standard.

Time is critical In the event of a computer security incident concerning sensitive USG or personal data, the affected office must take immediate action to report the incident. Report an Information Security Incident immediately by calling the ITS Helpdesk at **706-583-2001**, or **1-888-875-3697** (Toll free within Georgia). The ITS Helpdesk is available 24 hours a day, seven days a week.

University System of Georgia Organizations

As soon as the incident is suspected:

1. Immediately call the ITS Helpdesk, **706-583-2001** or **1-888-875-3697** (Toll free within Georgia).

2. Step away from the computer; do not touch it or take any other action until advised by TSS or Information Security & ePrivacy.

3. Do not attempt to login, or alter the compromised system or power it off. These actions will delete forensic evidence that may be critical to your incident.

4. Do not talk about the incident with any other parties until you are authorized as part of the process outlined in this document.

5. From another computer, download the following file: Abuse Notification (04-21-2014) and USG INSTITUTION INFORMATION SECURITY INCIDENT REPORT and email the completed form to with details of the suspected exposure.

USG System Office (Athens & Atlanta)

Contact USG Helpdesk at or 404-583-3000.

When Information Security & ePrivacy are notified, an Incident Response Team will immediately be assembled to advise and assist in containing and limiting the exposure, in investigating the attack, in obtaining the appropriate approvals, and in handling notification to the affected individuals and offices.