Report a Security Incident

report

Promptly report violations. If you suspect or witness a Security Event, report it as soon as possible. 

What is a Security Incident

  • A compromise of the confidentiality (privacy), integrity or availability of Institutional Information or IT Resources in a material or reportable way.

Computer Security Incident

A computer security incident is any attempted or successful unauthorized access, disclosure, or misuse of computing systems, data or networks, including hacking and theft.
  • Report anything unusual. If it sets off a warning in your mind, it may be a problem. Don’t ignore it!
  • Immediately report suspected security incidents and breaches to your supervisor and the ITS Support CenterBe sure to indicate whether sensitive information may be at risk.
  • If you think your computer has been compromised, or someone might be accessing your computer remotely, it is best if you can unplug the network cable, turn wireless off, and leave the computer on until help arrives.
  • Warning signs your computer might be infected

Theft of Computing Equipment

Report suspected theft of UCSC-related computing equipment to the police, Risk Services, the ITS Support Center and your supervisor.


Checklist for Lost or Stolen Mobile Devices

  • Immediately report lost or stolen devices to the police
    • Report to UCSC police for campus incidents and local police for off-campus incidents (phone is best)
    • Always get an incident or report number
    • Call them back if item is found, including if a separate agency contacts you regarding a found device
  • If you used the device for work
    • Also report it to the ITS Support Center (info above) so they can help identify and address potential compromised accounts or data
    • Report a claim through Risk Services for a university-owned device
    • Notify your supervisor if it was a university-owned device
  • For phones, notify your cellular carrier-- see if they can deactivate the device
  • Change all passwords stored or used on the device, including email, Dropbox, banking, etc.
  • Notify credit card companies and banks if you used the device for shopping or banking
  • Try to track its location, if possible
  • Try remote wipe if sensitive data or passwords were stored

Tips for protecting mobile devices: http://its.ucsc.edu/security/mobile.html


Report Phishing

Here’s how you can help yourself and others.

  • DO NOT respond directly to a phishing attempt.
  • DO REPORT an email phishing attempt immediately to ITS and Google by following these steps:
    • Report to ITS: Copy the entire message including full headers and send to help@ucsc.edu. Full headers are a critical resource in determining the origin of a phishing email. ITS needs full headers to investigate the phish. Instructions for full headers.
    • Report to Google: If you are using the UCSC Gmail web interface, open the message, click the Down arrow (next to the Reply button), and then click Report phishing.

Other Security Incidents

Other security incidents that should be reported include:
  • Physical break-in.  Even if you are unsure what, if anything, was compromised or taken.
  • Policy violation.  A situation that involves willful or unintentional violation of information security policies.
  • Privacy violation.  Any suspected or actual exposure of personal information in violation of an individual’s right to personal privacy.

Prevent


Policy

UC IS-3 Electronic Information Security Policy, section 16.1.2 Reporting Information Security Events

  • Workforce Members must promptly report known or suspected Information Security Incidents, Information Security Events, threats or vulnerabilities associated with Institutional Information or IT Resources to the Workforce Manager, Unit Head or CISO.
  • Locations must develop a method for students to report known or suspected Information Security Incidents, Information Security Events, threats or vulnerabilities associated with Institutional Information or IT Resources.


For ITS Staff:

List of KBs relating to computer security incident reporting and response (login required)