Specifications include, but are not limited to: Contractor will provide the following services to University or UT institutions in the event of an information security breach or disruptive incident, such as ransomware or a distributed denial of service (DDOS) attack occurring anywhere within the UT System. While the exact nature of the services needed for any specific incident or event cannot be specified in advance, the following types of services are relevant and not necessarily comprehensive: A. Incident scoping. B. Analysis of malware to determine nature, origin, and scope of intrusion or infection. C. Review of logs (i.e., network, system, application audit, etc.). D. Real-time monitoring (e.g., search for threat actor activity, malicious network indicators, backdoor communications, data exfiltration). E. Real-time corrective actions or recommendations, as necessary, to protect University or UT institution. F. Collaboration with University, UT institution, outside legal counsel, public relations, and crisis management firms.
