Report an Information Security Incident

Para ver la informacion de esta pagina en Español seleciona Español en el menú debajo.

What is a Security Incident?

A security incident is any compromise of the privacy, integrity, or availability of Institutional Information or IT resources. Security incidents include cyberattacks, such as a compromised system, and physical violations, such as computer theft. Other kinds of security incidents include physical break-ins, policy violations, and privacy violations.

In accordance with UC IS-3 Electronic Information Security Policy, section 16.1.2, all UCSC employees and contractors must promptly report violations. If you suspect or witness a security incident, report it as soon as possible to your supervisor and the ITS Support Center. Be sure to indicate whether sensitive information may be at risk.

report

 

Cyberattacks

A cyberattack is any attempted or successful unauthorized access, disclosure, or misuse of computing systems, data, or networks.
  • Beware of signs your computer might be infected.
  • If you think your computer has been compromised, or someone might be accessing your computer remotely, it is best to unplug the network cable, turn wireless off, and leave the computer on until help arrives.
  • Report phishing scams to Google.

Computer Theft

Computer theft includes personal and UCSC-related computing equipment, including mobile devices.

  • Report suspected computer theft to the police, Risk Services, the ITS Support Center, and your supervisor. On-campus theft: Contact the UCSC Police Department at 831-459-2231.
  • Off-campus theft: Contact local police.
  • For university-owned devices, Report a claim through Risk Services.
  • Be sure to tell the ITS Support Center if the stolen equipment contains any sensitive information.
  • See the checklist for lost/stolen mobile devices on the Mobile Devices and Wireless page.

Other Security Incidents

Other security incidents that should be reported include:
  • Physical break-ins: Even if you are unsure what, if anything, was compromised or taken.
  • Policy violations: A situation that involves willful or unintentional violation of information security policies.
  • Privacy violations: Any suspected or actual exposure of personal information in violation of an individual’s right to personal privacy.