Incident Management

Overview

The USG - Office of Information Security works collaboratively with institution Information Security Officers and other essential entities on mitigating, identifying, responding to, and reporting information security incidents.

The following policy, standards, and guidelines are provided to assist the System Office and institutions in complying with current incident notification and reporting requirements, and in establishing and maintaining internal incident management functions.

  • Incident Notification
  • Incident Reporting
  • Other Resources

How to Report an Information Security Incident

  • University System of Georgia Institutions - Immediately report computer incidents to the USG Office of Information Security through the OIIT Helpdesk at 706-583-2001, or 1-888-875-3697 (Toll free within Georgia)
  • USG System Office (Atlanta) - Contact System Office Tech Support (SOTS) at SOTS@usg.edu or (404) 657-1500

USG University System Office - Incident Response

The University System of Georgia (USG) Office of Information Security (OIS) assists in responding to and investigating incidents related to misuse or abuse of USG information and information technology resources. This includes computer and network security breaches and unauthorized disclosure or modification of institutional or personal information.

In the event of a computer security incident concerning sensitive USG or personal data, the affected office must take immediate action to report the incident to System Office Tech Support as soon as the incident is suspected.

As soon as the incident is suspected

  • IMMEDIATELY CALL, no matter what time of day or night or weekday or weekend or holiday, until you get to a human.
  • A representative from SOTS will then call you back. Please also e-mail SOTS@usg.edu with details of the suspected exposure. Please DO NOT simply leave voicemail or send e-mail - please ensure you reach a human, because it is CRITICAL that we begin response procedures immediately.
  • STEP AWAY from the computer; DO NOT touch it, and DO NOT take any other action until advised by SOTS or USG Office of Information Security.
  • DO NOT touch, attempt to log in to, or alter the compromised system. DO NOT power it off. These actions will delete forensic evidence that may be critical to your incident.
  • DO NOT talk about the incident with any other parties until you are authorized as part of the process outlined in this document.

SOTS & USG Office of Information Security are charged with investigation and coordination of incidents where sensitive institutional or personal data is suspected to have been exposed, and they have experienced and licensed forensic engineers on staff to assist.

When SOTS and USG OIS are notified, an Incident Response Team will immediately be assembled to advise and assist in containing and limiting the exposure, in investigating the attack, in obtaining the appropriate approvals, and in handling notification to the affected individuals and offices. The incident still "belongs" to the USG unit experiencing the exposure; the mission of SOTS & USG OIS is to assist you.

Time is critical

Immediately containing and limiting the exposure is the first priority. In certain situations, we must notify the Georgia Bureau of Investigations within two business days of becoming aware of the incident. Also, individuals involved in such incidents expect expeditious notification so that they can monitor their accounts. The most common complaints after an incident are about how long it took the organization to contain the exposure and to send notifications. At the USG, our goal is to notify the individuals affected within one week of our becoming aware of the exposure.

USG Institutions Incident Reporting Steps and Data Gathering Process

To report emergency information security issues, call the OIIT Helpdesk immediately, 24 hours a day, seven (7) days a week:

  • 706-583-2001, or
  • 1-888-875-3697 (Toll free within Georgia)

and follow instructions--provided through the OIIT Helpdesk telephone menu system--to leave an emergency message that will automatically page on-call support staff.

For anything else, contact the OIIT Helpdesk at

Note: Self-service requires login using a user ID and password. Contact the OIIT Helpdesk at helpdesk@usg.edu to obtain self-service login credentials.

USG Institutions - Incident Notification Steps

USG Incident Management policy requires institutions to follow a prescribed notification process when information security incidents occur. Typically, it is each institution's Information Security Officer's (ISO) responsibility to notify the proper authorities. The prescribed process includes the following steps:

  1. Immediately call the OIIT Helpdesk (number above) to report the computer/data incident.

    This number is a 24-hour telephone line at the OIIT Facility in Athens, Ga. The OIIT Helpdesk contact person will require specific information about the incident and will forward that information to the USG Office of Information Security. Representatives from the Office of Information Security and/or Georgia Bureau of Investigations will contact you as soon as possible following their receipt of the OIIT Helpdesk notification.

    IMPORTANT: A notification made to USG Office of Information Security outside of the OIIT notification process by email or other means is NOT an acceptable substitute for the required notification to OIIT.

  2. Guidance for reporting the incident.

    The following information should be gathered before calling the OIIT Helpdesk:

    • Name and address of the reporting Institution/academic Unit/Administrative Unit.
    • Name, address, e-mail address, and phone number(s) of the reporting person.
    • Name, address, e-mail address, and phone number(s) of the campus Information Security Officer or the person responsible for Information Security.
    • Name, address, e-mail address, and phone number(s) of the alternate contact (e.g., alternate ISO, system administrator, etc.).
    • Description of the incident.
    • Date and time the incident occurred.
    • Date and time the incident was discovered.
    • Make / model of the affected computer(s).
    • IP address of the affected computer(s).
    • Assigned name of the affected computer(s).
    • Operating system of the affected computer(s).
    • Location of the affected computer(s).
    • Any actions at and following the time of discovery that were taken prior to calling the OIIT Helpdesk.

  3. Personally Identifiable Information.

    During the notification process, it is also important to report whether the incident involves personally identifiable information (PII) or Federally protected information, such as FERPA, HIPAA, PCI or other sensitive information. Also report a count of the affected persons.

  4. Additional Information.

    The USG Office of Information Security and/or the Ga Bureau of Investigations may contact the institution for additional information or further investigation.

Other Resources

Links and resources for incident notification and reporting documentation, "best" practices, and federal standards to help develop and/or update your agency's reporting procedures. Contact the University System - Office of Information Security if you have questions or need assistance with incident reporting.


The University System - Office of Information Security (OIS) web site contains links to other sites that are not owned or controlled by us. The information provided at these sites does not reflect the views of this Office or indicate an endorsement of a particular company or product. Please be aware that our Office is not responsible for the security and privacy practices of such other sites.