Incident Response


Incident Response

Guidelines for Reporting Information Security Incidents

This document describes how to identify and report security incidents relating to information systems at UCCS.

What is a Computer Security Incident?

An Information Security Incident is an accidental or deliberate event that causes:

  • unauthorized entry into a computer system
  • unauthorized access, modification or deletion of data
  • disruption of computer or network service
  • loss of data or computer resources

Many information security incidents represent minimal risk and are quickly resolved by campus response teams. Some incidents, however, may place people at risk of identity theft, financial loss, or other harmful consequences. These incidents may also pose significant risk to University services, resources, funding, and external relationships.

Who Needs to Be Told About the Incident?

Contact the UCCS Information Security Office at:  ISO Contact Information.

Do not discuss the incident with anyone other than your department leadership, system administrator or the Information Security Office.  Do not inform the media.  University Communications and Media Relations will handle all public communications about the incident.

The Information Security Office will conduct a preliminary investigation on a potential security incident to determine the seriousness of the situation. This will help us quickly decide the best course of action, and will help prevent false alarms or the propagation of incorrect information about the incident.

What to Do if you Suspect a Computer Security Incident:

  1. DO leave the computer running, so that information about the incident is preserved.
  2. DO put a “DO NOT TOUCH” sign on it.
  3. DO tell your Department Leadership and System Administrator about the incident.
  4. DO contact the Information Security Office immediately.

What NOT to Do:

  1. Do NOT turn the computer off as valuable information about the incident may be lost.
  2. Do NOT attempt to fix or investigate the incident yourself.
  3. Do NOT ask your system administrator or the IT Service Desk to repair or clean the computer.

Reporting an Incident to the Information Security Office

If you suspect that a campus incident is likely to have occurred, information about the incident must be immediately reported to the Information Security Office or to persons designated in the ISO Contact Information page.  The following information should be included in the report of a computer security incident:

  1.  Name, email and phone number of person reporting the incident.
  2.  Brief summary of the incident, including:
    • Symptoms of problem.
    • Date and time detected.
    • Computer or University service involved.
    • Department responsible for the computer or service.
    • Location of the computer or service (building and room number).
    • Type of data on the computer or service involved.
  3.  Potential impacts to individuals, campus operations/resources, etc., if known.
  4.  Any other information that may be helpful in investigating the incident .

Information Security