Security Incident Handling in an Academic Medical Center by David McKelvey on 19/07/05

Security incident handling is the planned response to events that are recognized as compromises of the confidentiality, integrity or availability of a system. In an Academic Medical Center (AMC), compromises additionally include the misuse of: 1) proprietary information, 2) patient information (protected health information, PHI) or 3) personal information. Preparation before incidents occur is vital: security policies, procedures and standards define the secure operation of systems; people with the needed skills must be organized and trained; and software and hardware tools should be assembled in advance. Detection of an intrusion may come from users, support staff, outside parties or automated detection systems. Recovery then proceeds in seven steps: 1) regain control of the compromised system, 2) analyze the intrusion, 3) contact the relevant Computer Security Incident Response Team (CSIRT) and any other sites involved, 4) recover from the intrusion, 5) improve the security of your system and network, 6) reconnect to the Internet and 7) update your security policy.

