Web U-M ITSS only
page-bannerNone
ITSS Home ITSS Information for Students ITSS Information for faculty and staff ITSS Information for IT Professionals
Events
Training
Services
Tools & Tips
Resources
Report an IT Security Incident
About ITSS
Contact Us
ITSS Home Reporting an IT Security Incident

Reporting an IT Security Incident: Users

The types of incidents that you should report include:

  • Unauthorized exposure of private personal information (which may lead to identity theft or misrepresentation)
  • Computer break-ins and other unauthorized use of U-M systems or data
  • Unauthorized changes to computers or software
  • Equipment theft or loss
  • Interference with the intended use of information technology resources

Please report all incidents to the unit security coordinator designated by your school, college, or department or to your IT department. If you don’t know where to report an incident, please contact security@umich.edu.

Important: If the incident poses any immediate danger, call 911 to contact law enforcement authorities immediately.

Reporting an IT Security Incident: Unit Security Coordinators

Please follow these guidelines if an IT Security Incident occurs:

First Ten Minutes

Determine the severity of the incident.
In the case of a serious incident, please note that continued interaction with a compromised machine can severely affect later forensic analysis. When an incident is discovered, the unit should:

CONTAIN THE INCIDENT BY:

  • restricting network access
  • disabling all remote access
  • keeping the machine out of use

 AND NOT:

  • run the anti-virus software
  • power down the machine
  • attempt any kind of unilateral mitigation process

First 24 Hours

Report all serious incidents to: security@umich.edu, except:

Alert business owners and leadership, advising them to keep all details confidential until further notice.When you report an incident, please provide as much information as possible including:

  • Your name
  • Department
  • E-mail address
  • Telephone number
  • Description of the IT security problem
  • Date and time the problem was first noticed (if possible)
  • Any other known resources affected

ITSS will contact the unit and develop a plan for further containment. For a description of the full lifecycle of Incident Management, or to provide a reference guide to your business partner, see the Incident Response Quick Reference Guide.

For more information on IT Security and incident response, please refer to Information Security Incident Management or SPG 601.25.

When an incident occurs…

  • Stay calm. There is an established protocol for handling incidents, and ITSS is equipped to guide the process.
  • Sacrifice speed for correctness. Don’t act rashly.
  • Involve your leadership early, reminding them that all information, especially early in the investigation, should be limited to a need-to-know basis.
  • Every detail is important. Share everything you know with the ITSS incident coordinator(s)
Last modified May 28, 2008