Cybersecurity Operations Center (CSOC)
The Cybersecurity Operations Center (CSOC) manages incident, threat, or vulnerability intake, triage, validation, and response through situation containment, mitigation, and critical consultation.
If you fear for your safety or someone else's, call 911.
Report incidents or other urgent cybersecurity events at UIUC by sending an email to email@example.com or by calling 217-265-0000, option 3.
Members of the UIS community should report to firstname.lastname@example.org.
Provide as many relevant details as possible. A member of the Cybersecurity Operations Center (CSOC) will respond and provide additional next steps.
Team members provide incident response for many different cybersecurity scenarios such as compromised accounts, business email compromise, phishing, system or data breach, unauthorized data disclosure or malware infection. Depending on the requirements of the incident, the CSOC will engage to monitor suspected anomalous activity, conduct forensic analysis on log or system data, contain accounts or systems impacted and consult on appropriate steps for mitigation.
Using enterprise and open-source solutions, the CSOC also conducts network traffic analysis, threat hunting, and network monitoring of suspected adversarial sources.
We work collaboratively with law enforcement agencies, research integrity, human resources, and other administrative bodies under the guidance of University Legal Counsel, supporting legal response, e-discovery, and data preservation services.
Event triage takes place within 24 hours of notice or detection.
Critical severity events
- begin investigation within 1 hour of triage; mitigation of critical events is enacted on a prioritized “ASAP” basis
High severity events
- begin investigation within 4 hours of triage
Medium severity events
- begin investigation within 48 hours of triage
Low severity events
- begin investigation within 96 hours of triage
- Taylor Judd, Acting Associate Director Information Security
- Katie Lackermann, Acting Cybersecurity Operations Center Manager
- Bob Heren, Senior IT Security Analyst
- Jon Karagiannakis, Senior IT Security Analyst
- Phabha Manda, Senior IT Security Analyst
- Carl Stephens, IT Security Analyst