No. CS001 Reporting an IT Security Incident July 2009
Introduction
Compromises in security can potentially occur at every level of computing from an individual's
desktop computer to the largest and best-protected systems on campus. Incidents can be accidental
incursions or deliberate attempts to break into systems and can be benign to malicious in purpose or
consequence. Regardless, each incident requires careful response at a level commensurate with its
potential impact to the security of individuals and the campus as a whole. This document outlines
the procedure individuals should follow to report potentially serious IT security incidents and the
actions the Computing Services Department will take upon notification of an IT security incident.
Section I – What to Report
For the purposes of this policy an "IT security incident" is any accidental or malicious act with the
potential to:
• Result in misappropriation or misuse of confidential information (social security number,
grades, health records, financial transactions, etc.) of an individual or individuals
• Significantly imperil the functionality of the information technology infrastructure of the
ASC campus
• Provide for unauthorized access to College resources or information
• Allow ASC information technology resources to be used to launch attacks against the
resources and information of other individuals or organizations
Section II - How to Report
ASC faculty and staff should report all suspected computer security incidents to the Computing
Services Help Desk at 587-7741. A help desk representative will record the caller’s contact
information and data about the incident and forward it to the Computing Services Security Working
Group (SWG). It’s recommended that the telephone be used for reporting purposes, rather than e-
mail or other electronic means.
If the person reporting the incident wishes to maintain anonymity, the information may be sent via
the college mail system to the Chief Information Officer. However, be advised that the effectiveness
and timeliness of the response may be hampered if additional necessary information cannot be
attained.
If a security incident is suspected, take the following steps to minimize any potential damage:
• Don’t turn the computer off
• Isolate the computer by disconnecting the (blue or yellow) network cable connecting the
computer to the data port on the wall
1