Report an IT Security Incident
It is important that you report actual or suspected IT security incidents as soon as possible so that work can begin to investigate and resolve them. Incident reporting procedures differ depending on whether you are in a MiWorkspace unit:
If you are unsure where to report an incident, you can report it to either the ITS Service Center or email@example.com, and ITS staff will sort out the reporting and tracking. The most important thing is to report the incident.
U-M Health System (UMHS). Those at UMHS should report suspected or actual IT security incidents to the appropriate IT service desk:
Important: If the incident poses any immediate danger, call 911 to contact law enforcement authorities immediately.
An IT security incident is attempted or actual
Examples of IT security incidents include:
Reporting of IT security incidents is governed by Information Security Incident Reporting Policy (SPG 601.25).
Quick Reference Guide: When an IT Security Incident Occurs (PDF). Provides a description of the full lifecycle of incident management at U-M and a summary of key actions to be taken by unit and IIA staff.
During the First 10 Minutes
Determine the severity of the incident.
In the case of a serious incident, please note that continued interaction with a compromised machine can severely affect later forensic analysis. When an incident is discovered, the unit should:
During the First 24 Hours
Report all serious incidents to: firstname.lastname@example.org, except:
Alert business owners and leadership, advising them to keep all details confidential until further notice.
When you report an incident, please provide as much information as possible, including:
IIA will contact the unit and develop a plan for further containment and mitigation.
Tips for Handling IT Security Incidents
IIA is the liaison to the Office of Risk Management with respect to initiating claims under the cyber risk insurance coverage that Risk Management provides to U-M units. IT security incidents that include the potential for recoverable losses must be reported as described above.
Last modified November 11, 2015