Reporting IT Security Incidents
Procedure for Reporting IT Security Incidents
What is an IT Security Incident?
IT security incidents are potential attacks on digital assets. They jeopardize the confidentiality, integrity, or availability of digital assets and the data stored on them. They also threaten to violate institutional security policies, security procedures, or acceptable use policies.
Impact of an IT Security Incident
Potential attacks can damage digital assets, making them inoperable or unstable, or allow a threat actor to compromise them and use them for illicit purposes. Furthermore, sensitive data pertaining to the University, employees, faculty, and students can be stolen. Incidents can also result in reputational damage, loss of revenue, service disruption, or legal liability.
Source: DHS – Cyber Incidents
Examples of an IT Security Incident
- A malicious actor compromising, degrading, or destroying systems, networks, or services.
- An attempted phishing attack executed via an email message to compromise user accounts, private information, or digital assets.
- The loss or theft of a portable device – such as a laptop or smartphone – used by the institution.
- Incidents resulting from a violation of acceptable usage policies by an authorized user.
- System compromise through removable media (e.g., flash drive, CD) or a peripheral device.
Source: Types-of-Security-Incidents
Reporting an IT Security Incident
IT security incidents can cause great harm to the University community. For this reason, it is important to report an incident immediately when one is detected, so that it can be investigated and the possible impact minimized. To report a suspected incident,
Report Information | Report Details |
---|---|
Provide the Subject Matter | |
Provide Individual/Group Details: | |
Provide Incident Details: | |
Send Email To: | |

Do not tamper with the asset or environment believed to be compromised, to avoid losing evidence or changing anything that requires investigation.
If an electronic device has been compromised:
- Do not access (do not log on to) or alter the compromised device.
- Do not power off the compromised device, to avoid loss of data or evidence.
- Do unplug the network cable (NOT the power cable) from the compromised device, and disconnect it from WiFi.
If a user account was compromised:
- Disable the account(s) and have the password changed.
Additionally, any suspected security incidents occurring outside of the University community can be reported through the NJCCIC Cybersecurity Incident Reporting System. For more information and sources, you can visit the Law Enforcement Cyber Center.