Report a Security Incident
Important: If the incident poses any immediate danger call 911 or 850-412-4357 to contact law enforcement authorities immediately.
What is an IT Security Incident?
An IT security incident is attempted or actual:
- Unauthorized access, use, disclosure, modification, or destruction of information.
- Interference with information technology operation.
- Violation of explicit or implied acceptable use policy.
Examples of IT security incidents include:
- Computer system intrusion
- Unauthorized access to, or use of, systems, software, or data
- Unauthorized changes to systems, software, or data
- Loss or theft of equipment used to store or work with sensitive university data
- Denial of service attack
- Interference with the intended use of IT resources
- Compromised user accounts
During the first 10 minutes
Determine the severity of the incident. In the case of a serious incident please note that continued interaction with a compromised machine could severely impact later forensic analysis. When a significant incident is discovered you should contain the incident by
- Restricting network access (pull the network cable from the computer)
- Keep the machine/server/network appliance out of use
- Do not run anti-virus software, power down the machine, or attempt any kind of mitigation. This will impede the investigation process. Only unplug the machine from the network, do not power down, and do not let it out of sight. ITS and the Security Team will respond as quickly as possible.
During the first 24 hours
Alert business owners, leadership, and/or your department, (or if you are a student your academic IT Representative) advising them to keep all details confidential until further notice. When you report an incident, please provide as much information as possible including:
- Your name
- Email address
- Telephone number
- Description of the IT security problem
- Date and time the problem was first noticed (if possible)
- IP Address of the affected machine
- Any other known resources affected
The Information Technology Department’s Security Team will contact the unit and develop a plan for further containment and mitigation.
Tips for Handling IT Security Incidents
- Stay calm. There is an established procedure for handling incidents.
- Do not sacrifice speed for correctness. Don’t act rashly.
- Involve your leadership early. Remind them that all information, especially early in the investigation, should be limited to a need-to-know basis.
- Every detail is important. Share everything you know with the investigating coordinator from ITS