Related Links
 Computer Incident Response Team (CIRT) Process
 Menu: Security
 Departments
 ACS
 ACT

 Blink Home > Technology > How to Report a Computer Security Incident
How to Report a Computer Security Incident  
 
Summary: If you are a system administrator, follow these steps to work with the Computer Incident Response Team (CIRT) and help:
  • Manage security incidents at UCSD
  • Combat rising security and accountability risks
  • Reduce associated costs
If you are not a system administrator and suspect a violation of your computer's security, contact your department's technical support person immediately. After hours, call the ACT Help Desk, (858) 534-1853.
What to do How to do it
1 Don't touch the machine or system.
  1. Do not turn off the machine.
  2. Do not remove the machine from the network.
  3. Do not look at the system to see what files are on it, or what might have been touched.
2 Find out what constitutes a security incident.
  1. A security incident occurs when an unauthorized entity gains access to UCSD computing or network services, equipment, or data.
  2. Review typical situations:
    • You detect or get a report of a physical or criminal act, such as theft of a laptop, desktop computer, or PDA.
    • A law enforcement representative contacts the University regarding a security incident.
    • You suspect that a computer or other network device may have been compromised to allow the viewing, transferring, or alteration of student data, personal information, medical data managed under HIPAA, or other legally regulated data.
    • You suspect a security problem with a desktop workstation and the person using the workstation:
      • Works with personnel or financial data
      • Connects to UCSD business databases (because the password may have been revealed, exposing this data)
      • Works with personal information used for medical services or human subjects
      • Submits student grades
    • You suspect that a multi-user machine, a file, or a Web server may have been jeopardized.
  3. Consider other questionable circumstances:
    • Disruptive virus or Denial of Service (network is flooded with traffic) attacks are not security incidents because no unauthorized access was achieved.
    • An unsuccessful attempt may not be a security incident, but may warrant investigation and action by the system administrator or the system's owner.
3 Request assistance from UCSD's Computer Incident Response Team (CIRT).
  1. Report any incident you consider a possible threat.
    • Contact the ACT Help Desk, (858) 534-1853. The Help Desk will contact the on-call CIRT representative, who will respond.
Note: The earlier you contact CIRT, the more likely it is that CIRT will be able to help.
4 Cooperate with CIRT.
  1. CIRT will work with you to:
    • Preserve and use forensic evidence to discover the extent of the intrusion
    • Determine and minimize risk and the possibility of future risk to the University
    • Provide and maintain smooth and consistent interaction with law enforcement and University management

    Note: CIRT cannot assist with cleanup and data recovery, except as they pertain to the situations above.

  2. Learn about the CIRT process for dealing with security incidents.


Questions? E-mail CIRT for more information.


  Print
Print this page		   Email
Share this page		   Add to MyBlink
Save this link		   Get notified when this page is updated
Notify on change		   Add a sticky note to this page
Add a note		  
Get what you wanted?    yes   no   Comments.
Last reviewed/updated on Oct. 01, 2007 (see more info)
Blink A-Z Index:   0-9  A B C D E F G H  I  J K L M N O P Q R S T U V W X Y Z 


Blink Home  Site Map  Help  Accessibility Tips  Privacy Statement  Content Manager  RSS Feed 


Copyright ©2008 Regents of the University of California. All rights reserved.
Official Web Page of the University of California, San Diego

Blink version 1.7 12-17/2007 Blink Usability Group