Information Security

Incident what?



Information security professionals, as well as auditors, frequently talk about “Incident Response.” The term is mentioned so often that it may be assumed that everyone knows what it means.

Incident response is an organized approach to addressing and managing the aftermath of a security breach or cyberattack. The goal of an Incident Response plan or procedure is to handle the situation in a way that limits damage and reduces recovery time and costs.

UT Policy IT0122 – Security Incident Reporting and Response mandates that every campus develop or adopt, and maintain, an “Incident Response Plan.” The Incident Response Plan (IRP) for the Knoxville Campus can be found at tiny.utk.edu/IRP. The plan identifies how the campus will manage the aftermath of a breach. It details who is responsible, who should be notified, and the timeline that must be followed to comply with state and federal laws.

This is the document that should guide departments in creating their own internal processes.

Example: A faculty member mistakenly sends a grade roll to their brother, “Brian,” intending to send it to the Registrar, Brian Coldren. Oops. What next? Should they:

  A. Delete their sent email and play like it never happened?
  B. Resend it to the “right” Brian?
  C. Let their Department head know immediately and contact OIT?
  D. Delete the email and call their brother, asking him to delete the message and forget he ever saw it?

Go with your gut and select “C.” This is known as an inadvertent disclosure of student information, a FERPA disclosure, and by law, the university needs to know about it and take steps to manage the “incident.” The faculty member should:

  1. Inform the Department Head of the mistake
  2. Call the OIT HelpDesk at 865-974-9900
  3. Contact the Registrar (the other “Brian”) about the incident.

ALL IT-related incidents must be reported to the OIT HelpDesk as soon as possible. If you don’t know what your department’s procedures are, ask someone. If you suspect a breach or disclosure, but you’re just not sure, call OIT and ask.

This is just one example of an IT Incident. It could be that you received an email from someone claiming to be your boss, asking you to run out immediately and buy gift cards. Suspicious? Call the HelpDesk and report it. Don’t engage the person. If you suspect criminal activity, always contact law enforcement (UTPD) first.

Time is of the essence, so don’t wait. Better to be safe than sorry!