ABSTRACT
Computer viruses, worms, denial of service attacks, equipment failures, vandalism, theft and other unwelcome events can send your computer services staff scrambling and cause a variety of problems for your user community. Even the least of these situations can be a distraction for your staff. The most severe can provide an unscheduled opportunity to test your disaster recovery procedure! How does your organization react to these events? Do you have a clearly defined process in place to deal with unexpected incidents that threaten the security or operation of your systems?

Eastern Connecticut State University is a public liberal arts institution with an enrollment of about 5000 students. Our Information Technology Services (ITS) group has implemented a process that provides a framework for an orderly response to unexpected events. The process is an adaptation of security incident response recommendations from the National Institute of Standards and Technology, Internet Security Systems, Inc. and other resources, which have been tailored for our institutional needs. At the core of the process is the Incident Response Team, which consists of a team manager, a technical leader and other ad hoc team members, depending on the nature and severity of the event. The team concept takes advantage of institutional expertise from law enforcement, human resources, audit, public relations, facilities management, legal services and other technical resources within ITS. The team manages information gathering, analysis, recovery and administrative functions to ensure a controlled, coordinated approach to incident response.

Our presentation will focus on the phases of the incident response process and the role of the Incident Response Team. Flexibility, wise use of resources, effective communications and analytical skills are contributing factors to a successful response effort. We will draw upon our own experiences in discussing communication with the user community, severity level guidelines, evidence gathering, essential documentation, and lessons learned along the way.