Guidelines for Internal Reporting of Information Security Breaches
• Public Safety Office: 458-8999
• Information Security Program Coordinator: Scott Dittman, University Registrar, 458-8452, firstname.lastname@example.org
• Information Security Officer: Dean Tallman, Director Enterprise Applications and ITS Security, 458-8089, email@example.com
1. What constitutes a "breach?"
Think of the term "breach" in fairly broad terms. A "breach" includes any situation that does or likely could involve the unauthorized release, disclosure, loss, or theft of confidential information, whether known or suspected, accidental or intentional.
2. Whom should I contact in the event that printed information is involved in a breach of security?
Report any known or suspected breach of printed information to the University's Information Security Program Coordinator (contact information above).
3. Whom should I contact in the event that electronic information is involved in a breach or an electronic device is lost/stolen?
Report any known or suspected breach of electronic information or loss/theft of an electronic device (e.g., university-owned cell phone, computer, jump-drive) to the University's Information Security Officer (contact information above).
4. Whom should I contact in the event of a physical theft?
Report all physical thefts to Public Safety, to the Information Security Program Coordinator, and, if applicable, to the Information Security Program Coordinator and/or the Information Security Officer as noted above.
5. What happens after I initially report a breach?
Depending on the nature of the actual or suspected breach, the person you contact will usually request more information from you about the circumstances surrounding the breach. If necessary, the University's Information Security Program (ISP) Committee will be notified and may meet to recommend a course of action to the Provost.