Services

If you fear for your or someone else’s safety, call 911.

Report incidents or other urgent cybersecurity events by sending an email to security@illinois.edu.

Provide as many relevant details as possible. A member of the Cybersecurity Operations Center (CSOC) will respond and provide additional next steps.

Cybersecurity Operations Center – Critical Event Response

Incident intake, triage, validation, and response
Vulnerability/exposure intake, triage, validation, and response
Threat intake, triage, validation, and response (response can include situation containment, mitigation, and critical consultation)
As-needed emergent engagement with leadership enacted when administrative process is required due to standing requirements, commitments, laws, policies, or procedures.
Continual monitoring, scanning, intelligence gathering, and network interrogation techniques to be employed for the purpose of detecting cybersecurity vulnerabilities, threats, exposures, breaches, anomalous activity, risks borne from noncompliance, cybersecurity incidents, misconfigurations, or other activities and conditions which may contribute to risk.
Notification provided to owners of record after mitigation actions are taken, as soon as is practical. A best-effort process will be employed to contact security liaisons and/or stewards. Process assumes contacts are registered and findable in the CDB, Security Liaisons registry, or otherwise immediately identifiable using established university enterprise constructs.

Report incidents or other urgent security events by emailing security@illinois.edu. Critical events can be reported by calling the 24×7 on-call responder at 217-265-0000, option 3.

Event triage will take place within 24 hours of notice or detection.

Critical severity events will be addressed no more than 1 hour from the time of triage.
High severity events: work to begin no more than 4 hours from the time of triage.
Medium severity events: work to begin no more than 48 hours from the time of triage.
Low severity events: work to begin no more than 96 hours from the time of triage.

Non-emergency consultation requests, cybersecurity planning, security policy support, compliance guidance, security engineering requests, feedback gathering, tools maintenance, cybersecurity resource support, and other non-emergency cybersecurity-related requests.

University Administration, Urbana campus, and Springfield campus customers (faculty, researchers, staff, students) can request cybersecurity consulting.
Technical cybersecurity support is available for Administration staff, Urbana staff, and Springfield staff, as well as specialized support groups (Technology Services Help Desk, Privacy & Security Liaisons, etc).
Project security resource, assessment, engineering and planning support are available for Technology Services and AITS customers.
Maintenance of security tools and services provided at-will for designated cybersecurity liaisons/staff members at University Administration, Urbana campus, and Springfield campus.

Requests sent to securitysupport@illinois.edu will be assigned within 3 business days of arrival. Most replies will be sent within 10 business days.
Work requests, extended consultation requests, escalations, project resource requests, risk/contract consulting, and nonstandard requests require longer.