Cybersecurity Operations Center (CSOC)

Team members provide incident response for many different cybersecurity scenarios such as compromised accounts, business email compromise, phishing, system or data breach, unauthorized data disclosure or malware infection. Depending on the requirements of the incident, the CSOC will engage to monitor suspected anomalous activity, conduct forensic analysis on log or system data, contain accounts or systems impacted and consult on appropriate steps for mitigation.  

Using enterprise and open-source solutions, the CSOC also conducts network traffic analysis, threat hunting, and network monitoring of suspected adversarial sources.

We work collaboratively with law enforcement agencies, research integrity, human resources, and other administrative bodies under the guidance of University Legal Counsel, supporting legal response, e-discovery, and data preservation services. 

Timelines

Event triage takes place within 24 hours of notice or detection.  

Critical severity events

• begin investigation within 1 hour of triage and mitigation of critical events is enacted on a prioritized “ASAP” premise. 

High severity events

• begin investigation within 4 hours of triage 

Medium severity events

• begin investigation within 48 hours of triage  

Low severity events

• begin investigation within 96 hours of triage  

Reach Our Team

Report incidents or other urgent cybersecurity events by sending an email to security@illinois.edu or phone 217-265-0000, option 3.  

Non-urgent inquiries can be sent to securitysupport@illinois.edu.

Team Members

• Taylor Judd, Acting Associate Director Information Security
• Prabha Manda, Manager, Cybersecurity Operations Center
• Bob Heren, Senior Cybersecurity Analyst
• Carl Stephens, IT Security Analyst
• Steve Fletcher, Cybersecurity Analyst
• Spencer Sharp, Cybersecurity Analyst