Computer Security Incident FAQs
Security Incident FAQ Main Page
Security Breach Procedures
What happens when my computer's security
If PNPI is present, send an e-mail to firstname.lastname@example.org. You are required to preserve all information related to the breach. Nothing is to be removed or altered as to make it impossible to know whose Social Security or credit card numbers, or other high risk personal information might have been taked (e.g., data files, system logs and other data that might be useful in investigating the extent of PNPI stolen during the breach).
A consultant from IT-User Services will be referred to the case to conduct an assessment of the incident to investigate the likelihood that high risk PNPI was viewed and/or taken as a result of the security breach, verify the system has been cleaned thoroughly (so leftover backdoors, etc. don't cause repeat incidents), suggest alternatives to SSNs and confirm the nature and extent of high risk PNPI reportedly stored on the system. See University Policy 1-22 Personal Non-Public Information Policy for more information.
To ensure that high risk PNPI is not repeatedly exposed, ports will remain off until IT User Services assessment is complete.
If, based on the consultant's investigation and conclusions, PNPI was likely viewed and/or taken, UD IT will formally advise the department of its responsibilities to notify affected individuals, and inform the Vice President of IT, Executive Director of NSS and Public Relations.
The Dean or Vice President to which the department reports will be informed by the department.
The department will work with their Dean or Vice President and the Office of Public Relations to provide notification.
Return to Computer Security Incident FAQs
Questions / comments?