Report a Security Incident

It is important that you report an actual or suspected IT security incident as soon as possible so we can begin to investigate and resolve the incident.  Report the incident to your departmental IT contact.  If you do not have an IT contact or know who that is, report the incident to This email address is being protected from spambots. You need JavaScript enabled to view it.If you are unsure where to report an incident, report it to This email address is being protected from spambots. You need JavaScript enabled to view it. and the Information Technology Services Security Team will sort out reporting and tracking.  The most important thing is to report the incident. 

Important: If the incident poses any immediate danger call 911 or 850-412-4357 to contact law enforcement authorities immediately.

What is an IT Security Incident?

An IT security incident is attempted or actual:

  • Unauthorized access, use, disclosure, modification, or destruction of information.
  • Interference with information technology operation.
  • Violation of explicit or implied acceptable use policy.

Examples of IT security incidents include:

  • Computer system intrusion
  • Unauthorized access to, or use of, systems, software, or data
  • Unauthorized changes to systems, software, or data
  • Loss or theft of equipment used to store or work with sensitive university data
  • Denial of service attack
  • Interference with the intended use of IT resources
  • Compromised user accounts

During the first 10 minutes

Determine the severity of the incident.  In the case of a serious incident please note that continued interaction with a compromised machine could severely impact later forensic analysis.  When a significant incident is discovered you should contain the incident by

  • Restricting network access (pull the network cable from the computer)
  • Keep the machine/server/network appliance out of use
  • Do not run anti-virus software, power down the machine, or attempt any kind of mitigation. This will impede the investigation process. Only unplug the machine from the network, do not power down, and do not let it out of sight. ITS and the Security Team will respond as quickly as possible.

During the first 24 hours

Report all incidents to: This email address is being protected from spambots. You need JavaScript enabled to view it.
Alert business owners, leadership, and/or your department, (or if you are a student your academic IT Representative) advising them to keep all details confidential until further notice. When you report an incident, please provide as much information as possible including:

  • Your name
  • Department
  • Email address
  • Telephone number
  • Description of the IT security problem
  • Date and time the problem was first noticed (if possible)
  • IP Address of the affected machine
  • Any other known resources affected

The Information Technology Department’s Security Team will contact the unit and develop a plan for further containment and mitigation.

Tips for Handling IT Security Incidents

  • Stay calm. There is an established procedure for handling incidents.
  • Do not sacrifice speed for correctness. Don’t act rashly.
  • Involve your leadership early. Remind them that all information, especially early in the investigation, should be limited to a need-to-know basis.
  • Every detail is important. Share everything you know with the investigating coordinator from ITS

Map

 

Information Technology Services · 1610 S. Martin Luther King Jr., Blvd. · University Commons Room G126 · Tallahassee, FL 32307 · P: (850) 599-3560

Feedback

Suggestions? Please tell us how we can improve our web site!

 

 

 

 

 

 

Copyright © 2017  Florida A&M University. All Rights Reserved.