One Step Ahead: Why Should You Report Security Incidents? And How Do You Report One? |
|
February 25, 2014, Volume 60, No. 24 |
Another tip in a series provided by the
Offices of Information Systems & Computing and Audit, Compliance & Provacy
An information security incident is any event which compromises the integrity of Penn’s information or systems. This might include someone hacking into a computer, stealing of passwords through phishing or social engineering, a lost or stolen device, theft or accidental sharing of private information.
If data is lost or stolen it’s imperative for you to report the incident so that the University may assess whether a breach has occurred and whether notification is needed.\
The first thing to remember is, don’t panic. Start off by alerting your Local Support Provider (LSP) as soon as you know about the incident. They in turn will immediately notify the Information Security office.
If it’s determined that confidential University data was involved then an incident response team will come together to assess, contain and share any tips for preventing a similar incident in the future.
The Information Systems Security Incident Response Policy can be found here:
www.upenn.edu/oacp/privacy/assets/pdf/20070103-secincidentresp.pdf
For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/ |