How to Handle and Report IT Security Incidents
Report a Security Incident
- It is important that you report an actual or suspected IT security incident as soon as possible so we can begin to investigate and resolve the incident.
- Report the incident to your departmental IT contact. If you do not have an IT contact or do not know who that is, report the incident to email@example.com
- If you are unsure where to report an incident, report it to firstname.lastname@example.org and the Division of IT's Security Operations Center will sort out reporting and tracking.
- The most important thing is to report the incident.
If the incident poses any immediate danger, call 911 or (301) 405.3333 to contact law enforcement authorities immediately.
What is an IT Security Incident?
An IT security incident is attempted or actual:
- Unauthorized access, use, disclosure, modification, or destruction of information.
- Interference with information technology operation.
- Violation of explicit or implied acceptable use policy.
Examples of IT security incidents include:
- Computer system intrusion
- Unauthorized access to, or use of, systems, software, or data
- Unauthorized changes to systems, software, or data
- Loss or theft of equipment used to store or work with sensitive university data
- Denial of service attack
- Interference with the intended use of IT resources
- Compromised user accounts
Resources for IT professionals
During the first 10 minutes
- Determine the severity of the incident.
- In the case of a serious incident, please note that continued interaction with a compromised machine could severely impact later forensic analysis.
When a significant incident is discovered, you should contain the incident by:
- Restricting network access (pull the network cable from the computer)
- Keeping the machine out of use
- Not running anti-virus software, not powering down the machine, and not attempting any other kind of mitigation
During the first 24 hours
Report all incidents to: email@example.com
Alert business owners and leadership, advising them to keep all details confidential until further notice. When you report an incident, please provide as much information as possible including:
- Your name
- Email address
- Telephone number
- Description of the IT security problem
- Date and time the problem was first noticed (if possible)
- Any other known resources affected
The Division of IT's Security Operations Center will contact the unit and develop a plan for further containment and mitigation.
Tips for Handling IT Security Incidents
- Stay calm. There is an established protocol for handling incidents, and the Division of IT's Security Operations Center is equipped to guide the process.
- Sacrifice speed for correctness. Don't act rashly.
- Involve your leadership early. Remind them that all information, especially early in the investigation, should be limited to a need-to-know basis.
- Every detail is important. Share everything you know with the SOC's incident coordinator(s).