ITSC Security Notices and Action
Common ITSO security notices are given below for reference:
Compromised Host
ITSO has strong evidence that attackers have gained unauthorized access to the computer.
ITSO action
- Host blocked from network access to prevent further damage.
- ITSO emails the relevant network log message and host location information to the Cyber Security Coordinators.
Your action
- Read the log message that triggered the ITSO notice.
- Reply to ITSO if you believe the alert is a “false positive”.
Otherwise
- Check and clean up the infection or re-install the machine.
- Reply to ITSO with evidence that the above action has been taken.
- ITSO will re-enable network access.
- Reset the passwords of any users whose credentials were compromised through use of this host.
ITSO will enforce re-installation if the host is found to be compromised again.
Suspicious Host
ITSO has detected suspicious network activity but is not certain that the host has been compromised. This may be due to rogue software or adware, an ill-fated downloader being installed, or malware being downloaded.
ITSO action
- ITSO emails the related network log message and host location information to the Cyber Security Coordinators.
Your action
- Check if the host is infected.
- If the host has been infected, clean it up.
There is no need to reply to ITSO unless you have other questions.
Vulnerable Host
ITSO scans have detected flaws on the host that may allow attackers to compromise it. This is usually caused by outdated patches or an insecure system configuration.
ITSO action
- ITSO emails the relevant vulnerability information, remedial steps, and host location information to the Cyber Security Coordinators.
Your action
- Apply related patches or the proper secure configurations.
- Reply to ITSO that remedial action has been taken.