
Computer and Information Security Incident Quick Reference Guide
Definition of Computer and Information Security Incident
- A computer security incident is a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices.
- An information security incident is any information technology-related incident in which sensitive data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so.
Who should report a Computer Security or Information Security Incident?
All users of SLU IT resources are responsible for reporting suspected and confirmed incidents. When an incident occurs, follow these tips:
- Stay calm. The Information Security team has a process in place to address these issues.
- Immediately document the event (i.e. time, date, file name, application name, how discovered, type of data loss or exposure).
- Don't act hastily. The accuracy of the information is more important than how quickly it is addressed and resolved.
- Do not modify or make any changes to the system. This could impact file logs or contaminate system evidence.
- Involve senior management early. Remind them that details of the incident are to be kept confidential, especially in the early stages as data is being collected.
- Don't withhold information. All details, no matter how insignificant they may seem, should be shared so informed decisions can be made.
How do I report a Computer or Information Security Incident?
Call or email the Information Security Team at 314-977-5499 or infosecurity@slu.edu.
To report a computer or information security incident, |
To contact the ITS Service Desk, email |
To report a Compliance issue: |
What type of Information Security Incident should be reported?
Serious incidents are those that meet one or more of the following criteria:
- Involves unauthorized access to, loss or theft of a device known to store, process or transmit sensitive data.
- Involves the suspected compromise of a critical enterprise security device, such as a data center firewall, border firewall, or authentication service.
- Involves compromise of an ITS-managed networking device, such as a router or switch.
- Causes the extended unavailability of a service critical to the University's mission.
- Involves a significant number of University systems, indicating a widespread attack.
- In the judgment of the CIO or ISO, poses a high severity risk to University systems or information.
Sensitive Data is a blanket term used to designate classes of data with a high level of sensitivity that the University is legally or contractually required to protect. At Saint Louis University, sensitive data refers to personally identifiable information (PII) such as:
- Social security number
- Credit card number
- Driver's license number
- Student records
- Protected health information (PHI)
- Human subject research
Compromised user or email accounts associated with sensitive data should also be reported.