Home Reporting an IT Security Incident
Report an IT Security Incident
The types of incidents that units should report include:
All incidents should be reported to the unit security coordinator designated by your school, college, or department or to your IT department. If you don’t know where to report an incident, please contact email@example.com.
Important: If the incident poses any immediate danger, call 911 to contact law enforcement authorities immediately.
Report an IT Security Incident: Unit Security Coordinators
Please follow these guidelines if an IT Security Incident occurs:
First Ten Minutes
Determine the severity of the incident.
First 24 Hours
Report all serious incidents to: firstname.lastname@example.org, except:
Alert business owners and leadership, advising them to keep all details confidential until further notice.When you report an incident, please provide as much information as possible including:
IIA will contact the unit and develop a plan for further containment and mitigation.
When an incident occurs…
Due to the nature and complexity of operations and the academic culture of open access, educational institutions--in particular large research universities like U-M--face unique exposures related to the Internet and information security and privacy. Even with the best security practices in place, there are still significant risks associated with guaranteeing the private information of members of the U-M community as well as other costs connected to data breaches or cyber attacks.
The Office of Risk Management provides cyber risk insurance coverage to U-M units. IIA is the liaison to Risk Management with respect to initiating claims under this coverage.
What is covered by U-M cyber risk insurance:
First Party Coverage
|Business Interruption||University expenses for lost income from an interruption to a University computer system as a result of a network security breach|
|Data Recovery||University expenses to recover data damaged on a computer system as a result of a failure of security|
|Cyber Extortion||Payments made to a party threatening to attack an insured's computer system in order to avert a cyber attack|
|Media Content||Privacy violations related to use/monitoring of social media such as Facebook, blogs, podcasts, etc.|
|Crisis Management||First-party expenses to hire a public relations firm|
|Notification/Credit Monitoring Coverage||University expenses to comply with Privacy Law notification and Privacy Law Credit Monitoring requirements|
|Privacy Liability||Provides liability coverage if the University's computer system fails to prevent a:
|Network Security||Provides liability coverage if the University fails to protect electronic or non-electronic information in its care custody and control.
As with most types of insurance, some exclusions apply. Some claims may also fall under other categories of insurance coverage; the Risk Management Office will make such a determination.
A university unit affected by a security incident that is potentially covered by this insurance coverage need only follow the incident reporting instructions provided above. IIA will notify Risk Management of a security incident as soon as possible after discovery. Once Risk Management has determined that there is a valid claim, it will be reported to the insurance company and continue to act as a liaison between the unit and the insurance company until settlement of the claim is finalized.
For assistance with a claim that has already been filed or more information regarding cyber risk insurance, contact U-M Risk Management Office, 734-2200.
|Last modified August 13, 2014|