IT Services Incident Handling is based on the process of
Identification: Potential security incidents are investigated by the IT Services Information Security Team
Assessment: When a potential problem has been identified, IT Services will analyse the information provided e.g. speaking with the affected user, AV logs etc. This will determine the likelihood that a security incident has occurred and what level of threat it poses to the BU network.
Contain and Eradicate: The IT Services Teams will work towards containment and eradication e.g. isolation of the affected device. This will prevent harm from spreading further throughout the network
Recovery Process: The nature and effect of the incident will help dictate recovery
Review: This gives the opportunity to learn and if required to modify procedures and operations to mitigate the likelihood of the incident reoccurring.