A Unit of IT Security

Incident Response

The IT Security Office Incident Response team provides an organized approach to addressing and managing the aftermath of potential cyber security incidents and events. Incident Response formalizes the response process by assisting in the identification, recording, and analysis of cyber security threats in real time. The team also provides guidance and assistance, when necessary, in recovering from an event.

Incident Response also uses an array of threat detection and identification (TDI) tools to proactively manage and reduce cyber security risks. The team monitors for malware, web shell attacks, indicators of compromise (IoC), phishing attempts, and other malicious behavior. Incident Response then collaborates with local IT units to raise awareness of the threats detected and to remediate them. The IT Security Office offers departments formal incident response capabilities that include forensic imaging and analysis, IoC scanning, phishing validation, remediation guidance, and more to aid in mitigating and understanding the cyber event.


  • Cyber Threat Intelligence and Monitoring – threat intelligence and reporting utilizing a variety of services such as FireEye, REN-ISAC, UT Austin Dorkbot, and more.
  • Phish Bowl – UCLA IT Security Office service which validates and posts known phishing attempts against UCLA and UCLA Health.
  • Forensic Imaging and Analysis – image acquisition and analysis utilizing a variety of tools such as Tableau and EnCase.
  • IoC and APT Scanning – Indicator of Compromise and Advanced Persistent Threat scanning utilizing tools such as THOR/SPARK, LOKI, and Fenrir.