University of Michigan | ITS

banner_blue

Protect Your Computer
and Data

Report an IT Security Incident

Services

Digital Copyright Compliance

Home

Reporting an IT Security Incident

Report an IT Security Incident: Users

The types of incidents that you should report include:

Unauthorized exposure of private personal information (which may lead to identity theft or misrepresentation)
Computer break-ins and other unauthorized use of U-M systems or data
Unauthorized changes to computers or software
Equipment theft or loss
Interference with the intended use of information technology resources

Please report all incidents to the unit security coordinator designated by your school, college, or department or to your IT department. If you don’t know where to report an incident, please contact security@umich.edu.

Important: If the incident poses any immediate danger, call 911 to contact law enforcement authorities immediately.

Quick Reference Guide:
When an IT Security Incident Occurs

This Quick Reference Guide provides a description of the full lifecycle of incident management at U-M and a summary of key actions to be taken by unit and IIA staff.

Report an IT Security Incident: Unit Security Coordinators

Please follow these guidelines if an IT Security Incident occurs:

First Ten Minutes

Determine the severity of the incident.
In the case of a serious incident, please note that continued interaction with a compromised machine can severely affect later forensic analysis. When an incident is discovered, the unit should:

CONTAIN THE INCIDENT BY:

Restricting network access
Disabling all remote access
Keeping the machine out of use

AND NOT:

Run the anti-virus software
Power down the machine
Attempt any kind of unilateral mitigation process

First 24 Hours

Report all serious incidents to: security@umich.edu, except:

incidents involving PHI report to:UMHS-Compliance-IT-Sec@med.umich.edu
incidents involving human subject research report to: OVPR-IT-Sec@umich.edu

Alert business owners and leadership, advising them to keep all details confidential until further notice.When you report an incident, please provide as much information as possible including:

Your name
Department
E-mail address
Telephone number
Description of the IT security problem
Date and time the problem was first noticed (if possible)
Any other known resources affected

IIA will contact the unit and develop a plan for further containment.

For more information on IT Security and incident response, please refer to Information Security Incident Management or SPG 601.25.

When an incident occurs…

Stay calm. There is an established protocol for handling incidents, and IIA is equipped to guide the process.
Sacrifice speed for correctness. Don’t act rashly.
Involve your leadership early. Remind them that all information, especially early in the investigation, should be limited to a need-to-know basis.
Every detail is important. Share everything you know with the IIA incident coordinator(s)

Last modified January 04, 2012
Information and Technology Services General Computing Research, Teaching and Administration Safe Computing Networking & Telecommunications University of Michigan Campus IT Resources NextGen Michigan Office of the CIO IT Policy Stay Connected More U-M Channels » Contact ITS