All Northwestern faculty, staff, and students.
This guideline, the Incident Response Protocol (abridged), establishes procedures in accordance with applicable legal and regulatory requirements and University policy to address instances of unauthorized access to or disclosure of University Information, to be known as an Incident.
The protocol describes the response to such events, the conditions whereby this process is invoked, the resources required, and the course of recommended action. Central to this process is the Incident Response Team (IRT), assembled with the purpose of addressing that particular circumstance where there is credible evidence of an incident.
The primary emphasis of activities described within this protocol is the return to a normalized (secure) state as quickly as possible, while minimizing the adverse impact to the University. The capture and preservation of incident relevant data (e.g., network flows, data on drives, access logs, etc.) is performed primarily for the purpose of problem determination and resolution, and methods currently employed are suitable for that purpose. It is understood and accepted that strict forensic measures are not used in the data capture and retention.
Original Issue Date:January 2006
Last Updated: 21 November 2011