Response to a Compromised Computer with Sensitive Data

Purpose

The purpose of this procedure is to provide IT staff at the University of Pennsylvania with recommended actions to take when a computing device with sensitive data is suspected to be compromised.   

Trigger

This procedure is triggered when an IT staff member at Penn suspects that a computing device with sensitive data is compromised. The IT staff member may:

  • Suspect unauthorized access to a computing device or an application.
  • Receive notification of a compromise or a suspected compromise.
  • Notice abnormal behavior of the computing device in question, e.g. too slow, crashes frequently.
  • Detect malware through anti-virus software running on a server.

Steps to Take

  1. Disconnect the computing device from the network:
    • Unplug the Ethernet cable from the computer or server.
    • Turn off wireless (Wi-Fi/Bluetooth) network connectivity via the operating system’s settings (as well as the hardware switch, if the device has one).
  2. Do NOT turn off or shut down the computing device. Logging off or shutting down the computing device in question could remove data that is crucial to identifying the source of the compromise.
  3. Do NOT run anti-virus or anti-malware software. Running anti-malware software or attempting to conduct your own analysis may delete information needed to resolve the issue.
  4. Contact the Office of Information Security (InfoSec) at (215) 898-2172 or security@isc.upenn.edu.
  5. Do NOT interact with the system unless instructed by InfoSec. Avoid modifying any system files or attempting to conduct your own analysis.
  6. Make a list of sensitive data items stored or handled by the computing device.
  7. Preserve any system logs or backups stored externally and prevent overwriting or “rolling off.”

Note: If the system DOES NOT contain sensitive data, reimage the system according to your organization's policies. No further action from this checklist is required.

Terms

  • IT Staff – An individual who handles and/or manages servers and computing assets owned by Penn or connected to Penn’s network.
  • Computing Assets – Penn’s network, computing devices and electronic university data.
  • Computing Device – Desktop, laptop, server, tablet or a printer connected to Penn’s network.

Revision

Version | Date | Author | Approval
Draft 0.02 | 08/30/2017 | Wiam Younes |
