What is an Information Security Incident?
A Security Incident is a violation of computer security policies, acceptable use policies, or standard computer security practices. An "IT security incident" could:
- Result in misuse of confidential information (social security number, grades, health records, financial transactions, etc.) of an individual(s).
- Jeopardize the functionality of the University’s IT infrastructure.
- Provide unauthorized access to university resources or information.
Examples of Information Security Incidents include:
- Hacking a University system
- Using University IT resources to hack into any non-University computer system
- Using University IT resources to harass or threaten someone
What to do when you suspect a security incident
If you suspect an IT security incident, immediate action should be taken to isolate the problem from the campus network.
- Disconnect the computer from the campus network to stop any potentially threatening activity. If possible, the system should be left on as it may contain important information needed for proper incident response.
- Contact your system administrator or designated IT support person.
- Send an email regarding the incident to security@mtu.edu. The email should contain as much of the following information as possible:
- A description of the incident
- Any steps that have been taken to correct or isolate the incident
- Any other IT professionals that have been contacted regarding this incident
If there is a computer involved:- The name of the computer
- It's internet IP address
- What operating system it runs (Windows, Mac OS, Linux, etc)
- The physical location of the system or event
If there is email involved:
- A copy of the email with as many headers as possible (To, From, Subject, Date)