How to Report an Information Security Incident?
What is a Security Incident?
A security incident is any attempted or actual unauthorized access, use, disclosure, modification, or destruction of information. This includes interference with information technology operations and violations of the organization’s policy, laws, or regulations.
Examples of security incidents include:
- Computer system breach
- Unauthorized access to, or use of, systems, software, or data
- Unauthorized changes to systems, software, or data
- Loss or theft of equipment storing institutional data
- Denial of service attack
- Interference with the intended use of IT resources
- Compromised user accounts
It is important that actual or suspected security incidents are reported as early as possible so that the campus can limit the damage and the cost of recovery. Include specific details regarding the system breach, vulnerability, or compromise of your computer, and we will respond with a plan for further containment and mitigation.
How to report a security incident
Important: If the incident poses any immediate danger, contact the Incident Response Team immediately via firstname.lastname@example.org
Information to include in the report:
- Your name
- Email address
- Telephone number
- Description of the information security problem
- Date and time the problem was first noticed (if possible)
- Any other known resources affected
To report an information security incident, follow these steps:
- Identify the incident: Determine if the situation qualifies as an information security incident. This can include unauthorized access to systems or data, malware infections, data breaches, network attacks, or any other security-related event.
- Contain the incident: Take immediate action to contain the incident and prevent further damage. This can involve isolating affected systems, disconnecting from the network, or disabling compromised accounts.
- Document the incident: Gather as much information as possible about the incident. Note the date, time, and location of the incident, as well as the systems, devices, or individuals involved. Document any suspicious or unusual activities leading up to the incident.
- Notify the appropriate authority: Report the incident to your organization’s designated reporting authority. This can be your IT department, security team, or incident response team. If your organization has specific incident reporting and response procedures, follow those guidelines.
- Follow incident response procedures: If your organization has established incident response procedures, follow the steps outlined in those protocols. This may include preserving evidence, conducting a forensic investigation, or engaging external security consultants.
- Inform affected parties: If the incident involves a breach of personal data or could potentially impact individuals or organizations outside your organization, consider notifying those affected. Depending on the regulations and laws in your country, you may be required to inform individuals of any breach involving their personal information.
- Learn from the incident: After the incident is resolved, conduct a post-incident analysis to identify any lessons learned and areas for improvement in your organization’s security practices. Use this information to enhance your security measures and prevent similar incidents in the future.
Remember, the specific reporting procedures and contacts may vary depending on the organization, so it is essential to follow your organization’s policies and guidelines when reporting an information security incident.