Incident Investigation

Security Incident Investigation services at the University of Louisville provide expert analysis and response to suspected or confirmed cybersecurity incidents affecting university data, systems or operations. Managed by ITS Enterprise Security, these services help identify the root cause, scope and impact of security events, supporting rapid containment, remediation and continuous improvement of institutional security posture.

Details

Incident investigation is delivered through coordinated forensic analysis, evidence collection and collaboration with affected departments and individuals. The ITS Enterprise Security team uses advanced tools and methodologies to trace incidents, assess damage and recommend corrective actions. Investigations are conducted in compliance with university policies and regulatory requirements.

  • Access Points: Security incidents requiring investigation can be reported via the ITS Helpdesk, secureit@louisville.edu for cybersecurity incidents, or isopol@louisville.edu for data privacy/breach concerns. Anonymous reporting is available via the Compliance Hotline.
  • Service Request Procedures: Report incidents using online forms, email, or phone. Provide details about the event, affected systems, and any observed impact. The Enterprise Security team will initiate an investigation and communicate next steps.
  • Support Contacts: ITS Helpdesk at 502-852-7997, secureit@louisville.edu, isopol@louisville.edu, or the Compliance Hotline at 1-877-852-1167.
  • Associated Documentation: Incident investigation guides, reporting procedures, and security policies are available on the ITS and Security Operations websites.

Key Features

  • Forensic investigation of cybersecurity incidents and data breaches
  • Evidence collection and analysis to determine root cause and scope
  • Collaboration with affected departments and system owners
  • Recommendations for containment, remediation, and prevention
  • Documentation and reporting for compliance and audit purposes
  • Continuous improvement of security controls based on findings

Benefits

  • Accurate identification and resolution of security incidents
  • Minimized impact on university operations and data
  • Enhanced protection against future threats
  • Compliance with legal and regulatory obligations
  • Support for a resilient and secure campus environment

Audience

  • Faculty, Staff, and Students: Reporting or affected by security incidents
  • Departmental IT Teams: Collaborating on incident investigation and remediation
  • System Administrators: Supporting forensic analysis and evidence collection
  • ITS and Security Teams: Overseeing incident investigation and security operations

How to Get Started

  1. Immediately report suspected or confirmed security incidents using the ITS Helpdesk, secureit@louisville.edu, or the Compliance Hotline.
  2. Provide as much detail as possible about the incident, including affected systems and observed impact.
  3. Cooperate with the Enterprise Security team during the investigation process.
  4. Review investigation guides and security policies for best practices.
  5. Coordinate with ITS Enterprise Security for ongoing support and post-incident analysis.