Information Technology and Services

Computer Incident Response Process

The Computer Incident Response Team (CIRT) investigates and resolves computer security incidents. A security incident occurs when an unauthorized entity gains access to SU computing or network services, equipment or data.

  • If you suspect a violation of your computer's security, contact your department's computer or technical support person immediately.
  • If you are a system administrator, read the guidance at How to Report a Computer Security Incident to determine whether you need to contact the CIRT. Follow the guidelines on that page to report possible incidents immediately.
  • Departments with internal incident response teams are still required to contact the CIRT in the event of an incident. The CIRT will work closely with your security team to investigate the incident.


  • Isolating the compromised system from the network: The machine is isolated unless network connections can help determine the extent and nature of the incident.
  • Preserving the evidence: To prevent destruction of evidence and maximize chances of identifying the intruder, no interaction with the machine will occur until the CIRT team is in place.
  • Setting up the CIRT team: The CIRT contact and the reporting system administrator set up an incident handling team if the situation merits further attention.
  • Cleaning up and restoring the system: This process begins after the official report is filed.
  • Notifying the impacted department or equipment owner: This takes place as required unless law enforcement indicates it will interfere with the investigation.
  • Evaluating how the situation was handled: After the required notification, the CIRT and incident handling team evaluate the response and notification process.

Last Updated: 08/12/14
