What is an IT Security Incident?

Overview

The university seeks to handle information security incidents so as to minimize their impact on the confidentiality, integrity, and availability of the university’s systems, applications, and data. 

It is especially important that serious information security incidents that may result in disruptions to important business processes are promptly communicated to the appropriate university officials so that they are involved early in decision-making and communications. In addition, compliance with various federal and state regulations requires expeditious reporting of certain types of incidents.

While information security incidents are not always preventable, appropriate procedures for incident detection, reporting, and handling, combined with education and awareness of the university community, can minimize their frequency, severity, and potentially negative individual, operational, legal, reputational, and financial consequences.

What is an IT Security Incident?

An IT security incident is attempted or actual:

  • Misuse of technology resources, compromise of integrity, or loss of confidentiality of University data (regardless of format)
  • Interference with information technology operation
  • Loss or theft of a University-owned computer (or a personal computer/device storing University data)
  • Violation of explicit or implied acceptable use policy

Examples include:

  • Compromised user accounts
  • Computer system intrusion
  • Unauthorized use of the accounts used to access University systems or information, which includes escalation of access privilege by an unauthorized person or persons.
  • Unauthorized access and/or changes to, or use of, systems, software, or data
  • Loss or theft of equipment used to store or work with sensitive university data
  • Denial-of-service attack
  • Interference with the intended use of IT resources

What to do About a Security Incident

  1. Report it to IT
  2. If a specific computer, device or server is involved:
  • Leave the device powered on. Disconnect the device from the network (unplug network cable or turn off WiFi).
  • Do not use or clean the device.
  • Attempting to "fix" a compromised system may interfere with our ability to determine the severity of an incident.

How to Report an IT Security Incident

  • Web - Report an incident by using the IT security incident form.
  • Phone - Report an incident by calling the IT service desk @ 612.343.4170
  • In person - IT Service Desk, Miller Hall 226

 

Details

Article ID: 70390
Created
Thu 1/17/19 6:44 PM
Modified
Thu 10/17/19 2:29 PM
Audience
Employees
Students

Related Articles (2)

Securing Physical Media and Using Physical Media File Storage and Sharing
Information about using physical media to store or share data.
What to Do if Your Account is Compromised
A compromised account is one accessed by a person not authorized to use the account.

Related Services / Offerings (2)

Compromised Accounts Support
If you suspect that your account has been compromised, report it immediately to IT.  IT will work with you to reset your password, restore access to your account, and investigate the impact of the incident.
Report Information Security Incidents
If you suspect a potential security issue involving any private information—whether the information is on a computer, on paper, on the web, etc.—immediately report the details to IT.