{"id":692,"date":"2020-10-07T16:45:13","date_gmt":"2020-10-07T16:45:13","guid":{"rendered":"https:\/\/sites.rutgers.edu\/soc\/?page_id=692"},"modified":"2020-10-07T16:48:26","modified_gmt":"2020-10-07T16:48:26","slug":"what-happens-when-a-computing-incident-is-reported","status":"publish","type":"page","link":"https:\/\/sites.rutgers.edu\/soc-archive\/incident_response\/what-happens-when-a-computing-incident-is-reported\/","title":{"rendered":"What happens when a computing incident is reported?"},"content":{"rendered":"<h3>SOURCES OF INCIDENT REPORTS<\/h3>\n<ul>\n<li>Email to\u00a0<a href=\"mailto:abuse@rutgers.edu\">abuse@rutgers.edu<\/a><\/li>\n<li>Results of network log analysis<\/li>\n<li>Results of network vulnerability scans<\/li>\n<li>Telephone reports<\/li>\n<li>In person reports<\/li>\n<\/ul>\n<h3>ACTIONABLE INCIDENTS<\/h3>\n<ul>\n<li>The Rutgers University CIRT handles incidents in which a Rutgers host (or user) causes computer or network problems.\u00a0This typically includes:\n<ul>\n<li>Violations of the University\u00a0<a href=\"https:\/\/policies.rutgers.edu\/sites\/default\/files\/10.2.11%20-%20current%20%2800019883xDE114%29.PDF\">Code of Student Conduct<\/a><\/li>\n<li>Violations of the\u00a0<a href=\"https:\/\/policies.rutgers.edu\/sites\/default\/files\/70.1.1-current%20%2800010408xDE114%29.PDF\">Acceptable Use Policy for Computing and Information Technology Resources<\/a>.<\/li>\n<li>Violations of federal, state or local law.<\/li>\n<\/ul>\n<\/li>\n<li>Reports from departmental staff of attacks\u00a0on their computers and subnets.<\/li>\n<\/ul>\n<h3>ISSUE ESCALATION AND OVERDUE TICKETS<\/h3>\n<ul>\n<li>The\u00a0<strong>Incidents<\/strong>\u00a0queue is normal priority. After 5 business days (generally 1 calendar week), the contact is notified that the ticket is overdue. After 5 more business days, a request is sent to the Network Operations Center to block the host. A ticket can also be 
escalated if more than 5 reports are received for the same host.<\/li>\n<li>Shorter time spans apply to incidents considered critical. After 2\u00a0business days, the incident is overdue. IPS makes every effort to notify departments by telephone of critical incidents.<\/li>\n<\/ul>\n<h3>RECORD RETENTION<\/h3>\n<ul>\n<li><strong>Two years<\/strong>\u00a0for email to\u00a0the Rutgers University Computing Incident Response Team (RU\u00a0CIRT).<\/li>\n<li><strong>Two years<\/strong>\u00a0for hardcopy files related to\u00a0computer incidents.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>SOURCES OF INCIDENT REPORTS Email to\u00a0abuse@rutgers.edu Results of network log analysis Results of network vulnerability scans Telephone reports In person reports ACTIONABLE INCIDENTS The Rutgers University CIRT handles incidents in &hellip; <a href=\"https:\/\/sites.rutgers.edu\/soc-archive\/incident_response\/what-happens-when-a-computing-incident-is-reported\/\" class=\"\">Read More<\/a><\/p>\n","protected":false},"author":112,"featured_media":0,"parent":694,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"class_list":["post-692","page","type-page","status-publish","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>What happens when a computing incident is reported? 
- Security Operations Center<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/sites.rutgers.edu\/soc-archive\/incident_response\/what-happens-when-a-computing-incident-is-reported\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What happens when a computing incident is reported? - Security Operations Center\" \/>\n<meta property=\"og:description\" content=\"SOURCES OF INCIDENT REPORTS Email to\u00a0abuse@rutgers.edu Results of network log analysis Results of network vulnerability scans Telephone reports In person reports ACTIONABLE INCIDENTS The Rutgers University CIRT handles incidents in &hellip; Read More\" \/>\n<meta property=\"og:url\" content=\"https:\/\/sites.rutgers.edu\/soc-archive\/incident_response\/what-happens-when-a-computing-incident-is-reported\/\" \/>\n<meta property=\"og:site_name\" content=\"Security Operations Center\" \/>\n<meta property=\"article:modified_time\" content=\"2020-10-07T16:48:26+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/sites.rutgers.edu\/soc-archive\/incident_response\/what-happens-when-a-computing-incident-is-reported\/\",\"url\":\"https:\/\/sites.rutgers.edu\/soc-archive\/incident_response\/what-happens-when-a-computing-incident-is-reported\/\",\"name\":\"What happens when a computing incident is reported? 
- Security Operations Center\",\"isPartOf\":{\"@id\":\"https:\/\/sites.rutgers.edu\/soc-archive\/#website\"},\"datePublished\":\"2020-10-07T16:45:13+00:00\",\"dateModified\":\"2020-10-07T16:48:26+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/sites.rutgers.edu\/soc-archive\/incident_response\/what-happens-when-a-computing-incident-is-reported\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/sites.rutgers.edu\/soc-archive\/incident_response\/what-happens-when-a-computing-incident-is-reported\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/sites.rutgers.edu\/soc-archive\/incident_response\/what-happens-when-a-computing-incident-is-reported\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/sites.rutgers.edu\/soc-archive\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Incident Response\",\"item\":\"https:\/\/sites.rutgers.edu\/soc-archive\/incident_response\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"What happens when a computing incident is reported?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/sites.rutgers.edu\/soc-archive\/#website\",\"url\":\"https:\/\/sites.rutgers.edu\/soc-archive\/\",\"name\":\"Security Operations Center\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/sites.rutgers.edu\/soc-archive\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"What happens when a computing incident is reported? 
- Security Operations Center","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/sites.rutgers.edu\/soc-archive\/incident_response\/what-happens-when-a-computing-incident-is-reported\/","og_locale":"en_US","og_type":"article","og_title":"What happens when a computing incident is reported? - Security Operations Center","og_description":"SOURCES OF INCIDENT REPORTS Email to\u00a0abuse@rutgers.edu Results of network log analysis Results of network vulnerability scans Telephone reports In person reports ACTIONABLE INCIDENTS The Rutgers University CIRT handles incidents in &hellip; Read More","og_url":"https:\/\/sites.rutgers.edu\/soc-archive\/incident_response\/what-happens-when-a-computing-incident-is-reported\/","og_site_name":"Security Operations Center","article_modified_time":"2020-10-07T16:48:26+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/sites.rutgers.edu\/soc-archive\/incident_response\/what-happens-when-a-computing-incident-is-reported\/","url":"https:\/\/sites.rutgers.edu\/soc-archive\/incident_response\/what-happens-when-a-computing-incident-is-reported\/","name":"What happens when a computing incident is reported? 
- Security Operations Center","isPartOf":{"@id":"https:\/\/sites.rutgers.edu\/soc-archive\/#website"},"datePublished":"2020-10-07T16:45:13+00:00","dateModified":"2020-10-07T16:48:26+00:00","breadcrumb":{"@id":"https:\/\/sites.rutgers.edu\/soc-archive\/incident_response\/what-happens-when-a-computing-incident-is-reported\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/sites.rutgers.edu\/soc-archive\/incident_response\/what-happens-when-a-computing-incident-is-reported\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/sites.rutgers.edu\/soc-archive\/incident_response\/what-happens-when-a-computing-incident-is-reported\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/sites.rutgers.edu\/soc-archive\/"},{"@type":"ListItem","position":2,"name":"Incident Response","item":"https:\/\/sites.rutgers.edu\/soc-archive\/incident_response\/"},{"@type":"ListItem","position":3,"name":"What happens when a computing incident is reported?"}]},{"@type":"WebSite","@id":"https:\/\/sites.rutgers.edu\/soc-archive\/#website","url":"https:\/\/sites.rutgers.edu\/soc-archive\/","name":"Security Operations 
Center","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/sites.rutgers.edu\/soc-archive\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/sites.rutgers.edu\/soc-archive\/wp-json\/wp\/v2\/pages\/692"}],"collection":[{"href":"https:\/\/sites.rutgers.edu\/soc-archive\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/sites.rutgers.edu\/soc-archive\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/sites.rutgers.edu\/soc-archive\/wp-json\/wp\/v2\/users\/112"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.rutgers.edu\/soc-archive\/wp-json\/wp\/v2\/comments?post=692"}],"version-history":[{"count":1,"href":"https:\/\/sites.rutgers.edu\/soc-archive\/wp-json\/wp\/v2\/pages\/692\/revisions"}],"predecessor-version":[{"id":693,"href":"https:\/\/sites.rutgers.edu\/soc-archive\/wp-json\/wp\/v2\/pages\/692\/revisions\/693"}],"up":[{"embeddable":true,"href":"https:\/\/sites.rutgers.edu\/soc-archive\/wp-json\/wp\/v2\/pages\/694"}],"wp:attachment":[{"href":"https:\/\/sites.rutgers.edu\/soc-archive\/wp-json\/wp\/v2\/media?parent=692"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}