What are security investigations?
Protecting assets and data at Rice includes methodical and collaborative investigation of potential threats, attempted phishing attempts, and suspicious behavior on our networks. This process can be initiated for minor events like a phishing campaign, or for larger more complex issues such as information security breaches of a sensitive nature. It can include standard incident response procedures as may be needed to comply with law enforcement investigations or governance regulations like GDPR and PCI.
The ISO regularly sweeps the Rice network for new vulnerabilities as they become known. This is part of our vulnerability management program, but may also be a part of a security investigation, especially as risks are resolved after a security incident.
What do we do?
A security investigation may include but is not limited to the following.
- Investigate suspicious email.
- Investigate suspicious logins, system behavior, and networking traffic.
- Pull forensic system images for certain system breaches, legal issues, or to determine risk/exposure when a system is compromised or stolen.
- Interview people or send out questionnaires to gather relevant information as needed.
- Liaison with Rice community members needing information security investigation assistance.
If you have experienced an incident needing investigation or would like to request an investigation, please email the firstname.lastname@example.org or fill out our "Report a Security Incident" form here: https://oit.rice.edu/security-incident