Safe Computing
Home Students Faculty and Staff IT Security Community

Report an IT Security Incident

The types of incidents that units should report include:

  • Unauthorized exposure of private personal information (which may lead to identity theft or misrepresentation)
  • Computer break-ins and other unauthorized use of U-M systems or data
  • Unauthorized changes to computers or software
  • Equipment theft or loss
  • Interference with the intended use of information technology resources

All incidents should be reported to the unit security coordinator designated by your school, college, or department or to your IT department. If you don’t know where to report an incident, please contact security@umich.edu.

Important: If the incident poses any immediate danger, call 911 to contact law enforcement authorities immediately.

This Quick Reference Guide provides a description of the full lifecycle of incident management at U-M and a summary of key actions to be taken by unit and IIA staff.

Report an IT Security Incident: Unit Security Coordinators

Please follow these guidelines if an IT Security Incident occurs:

First Ten Minutes

Determine the severity of the incident.
In the case of a serious incident, please note that continued interaction with a compromised machine can severely affect later forensic analysis. When an incident is discovered, the unit should:

CONTAIN THE INCIDENT BY:

  • Restricting network access
  • Disabling all remote access
  • Keeping the machine out of use

 AND NOT:

  • Run the anti-virus software
  • Power down the machine
  • Attempt any kind of unilateral mitigation process

First 24 Hours

Report all serious incidents to: security@umich.edu, except:

Alert business owners and leadership, advising them to keep all details confidential until further notice.When you report an incident, please provide as much information as possible including:

  • Your name
  • Department
  • E-mail address
  • Telephone number
  • Description of the IT security problem
  • Date and time the problem was first noticed (if possible)
  • Any other known resources affected

IIA will contact the unit and develop a plan for further containment and mitigation.

For more information on IT Security and incident response, please refer to Information Security Incident Management or SPG 601.25.

When an incident occurs…

  • Stay calm. There is an established protocol for handling incidents, and IIA is equipped to guide the process.
  • Sacrifice speed for correctness. Don’t act rashly.
  • Involve your leadership early. Remind them that all information, especially early in the investigation, should be limited to a need-to-know basis.
  • Every detail is important. Share everything you know with the IIA incident coordinator(s)

Cyber Risk Insurance Coverage

Due to the nature and complexity of operations and the academic culture of open access, educational institutions--in particular large research universities like U-M--face unique exposures related to the Internet and information security and privacy. Even with the best security practices in place, there are still significant risks associated with guaranteeing the private information of members of the U-M community as well as other costs connected to data breaches or cyber attacks.

The Office of Risk Management provides cyber risk insurance coverage to U-M units. IIA is the liaison to Risk Management with respect to initiating claims under this coverage.

What is covered by U-M cyber risk insurance:

First Party Coverage
(University of Michigan losses)

Business Interruption University expenses for lost income from an interruption to a University computer system as a result of a network security breach
Data RecoveryUniversity expenses to recover data damaged on a computer system as a result of a failure of security
Cyber ExtortionPayments made to a party threatening to attack an insured's computer system in order to avert a cyber attack
Media ContentPrivacy violations related to use/monitoring of social media such as Facebook, blogs, podcasts, etc.
Crisis ManagementFirst-party expenses to hire a public relations firm
Notification/Credit Monitoring CoverageUniversity expenses to comply with Privacy Law notification and Privacy Law Credit Monitoring requirements

Third Party Coverage
(Damages to others)

Privacy LiabilityProvides liability coverage if the University's computer system fails to prevent a:
  • Security Breach or a Privacy Breach
  • Unauthorized Access/Use
  • Introduction of Malicious Code
Network SecurityProvides liability coverage if the University fails to protect electronic or non-electronic information in its care custody and control.
  • Identity Theft
  • Regulatory Actions: Coverage for lawsuits or investigations by Federal, State or Foreign regulators relating to Privacy Laws

As with most types of insurance, some exclusions apply. Some claims may also fall under other categories of insurance coverage; the Risk Management Office will make such a determination.

Claim Reporting

A university unit affected by a security incident that is potentially covered by this insurance coverage need only follow the incident reporting instructions provided above. IIA will notify Risk Management of a security incident as soon as possible after discovery. Once Risk Management has determined that there is a valid claim, it will be reported to the insurance company and continue to act as a liaison between the unit and the insurance company until settlement of the claim is finalized.

For help:

For assistance with a claim that has already been filed or more information regarding cyber risk insurance, contact U-M Risk Management Office, 734-2200.