Incident Reporting Responsibilities

MIT maintains and updates, as needed, an overall plan for responding to information security incidents. The goal of the Information Security Incident Response Plan is to provide a framework to ensure that potential information security incidents are managed in an effective and consistent manner.

This plan incorporates the risk classifications for Institute research data and administrative information as outlined in MIT’s Written Information Security Program (WISP) and applies to the systems, research and administrative data, and networks of MIT and any person or device that gains access to these systems or data.

MIT’s overall incident response process includes:
• Preparation – activities that enable MIT to respond to an incident, i.e., policies, tools, procedures, effective governance and communication plans.
• Detection – discovery of the event with security tools or notification by an inside or outside party about a suspected incident.
• Containment – identification and isolation/mitigation of the affected host/system, and notification of affected parties.
• Investigation – priority, scope, risk and root cause of the incident are established.
• Remediation – post-incident repair of affected systems, confirmation that threat is remediated, communication and instructions to affected parties.
• Recovery – post-incident analysis for procedural and policy implications.

MIT’s Data Incident Response Team (DIRT) is responsible for the maintenance and revision of this document. The DIRT is charged with executing this plan by virtue of its responsibilities to alert, respond, investigate, notify and document incidents of suspected or actual compromise.

Please reach out to infoprotect@mit.edu for additional details or a copy of the plan.