What to do if Compromised …….?

Critical to Monitor Activity and Develop an Incidence Response Plan

• Contain and limit the exposure
• Do not turn off the compromised machine – just unplug the cable from the network.
• Tell your Boss!
• Do not access or alter compromised system.
• Preserve logs and electronic evidence log.
• Get help from RUPD.
• Record all actions taken. Be on High Alert.
  
  Immediately email abuse@rutgers.edu .

• The Computing Incidence Response Team (CIRT) will take action and alert all necessary parties for you.

• Report who, what, where, when, why & how.
• Conduct a thorough investigation within 24 hours of the event (RUPD will help).

• Depending on the severity of the Security Breach, our CIRT will provide internal notification to University Police, Treasury Operations, University Counsel, Internal Audit, University Relations and will handle external notifications as appropriate.

• Based on guidance from University Counsel, our CIRT will comply with Visa/Master Card policies for compromised entities. Be prepared to provide the account numbers that were exposed to compromise to speed the notification process.

• Whether the department, RUPD or a third party conducts a forensic analysis will depend upon the level of risk and data elements obtained and guidance from Visa. Visa may require additional reviews, conduct a compliance questionnaire and vulnerability scan upon their discretion.