Extensive / Widespread incidents will be further reported to University Senior management.

• Upon receiving report from IT Security Officer, Director of ITSC will report the incident to Associate Provost (Teaching & Learning) and Vice-President for Administration & Business within 24 hours on confirmation of the incident. They will decide collectively if further escalatation to the President and/or any legal action are necessary.
• All server and network logs will be preserved. 
• In addition, the incident will be handled in a manner acceptable for possible subsequent legal action. Namely,certified cybersecurity forensics experts will be engaged to assist the investigation and handling of evidence, with respect to the following actions:
  • Data acquisition : Use forensically safe method to obtain compromised image. 
  • Evidence handling : Evidence and its copies will be safely stored and protected. Detail transfer logs will be documented in order to preserve chain of custody.
  • Investigation : Investigation methods will be clearly documented in order to show it is comprehensive.
  • Reports will be prepared in a forensically sound manner when the incident is required to be admissible in court.

Milestone at different stages

• Report will be provided when one of the following milestones is reached during the course of incident handling:
  • Early assessment on business impact 
  • Completion of containment and how the containment could protect the business.
  • Completion of incident eradication.
  • Final incident report is ready.
• In case the next milestone cannot be reached within a month, a monthly update will be provided.