Procedures for Reporting Security Breaches

 

 

 

 

 

 

 

 

 

 

 

Contents

Overview

The reporting of security problems (breaches and/or potential weaknesses) is a key step toward ensuring a secure environment.  Such security problems must be handled in a timely manner to protect against additional loss of data or service.  Furthermore, it is also critical that as much information be recorded as possible so that all potential risks are investigated.  As such, the College has implemented the following processes for handling security violations. 

 

What should I report?

Examples of potential security breaches and/or weaknesses include, but are not limited to, the following: 

  • Compromised account:  Use of your personal computer account by another individual.
  • Unauthorized use:  Any use of USG services or systems by an unauthorized individual.
  • Denial of service attacks:  Massive amounts of e-mail or other network traffic sent to single systems or individuals.  This is usually done to crash a system or to saturate the capacity of the network.
  • Hacking/cracking:  Malicious attempts at exploiting programmable system details.
  • Hoaxes:  Communications that do directly hard computers but display false messages that harm has been done or will be done.
  • Probes:  Attempts to discover possible weak points in a computer system.
  • Scanning:  Sending a message to each port on a computer, one at a time, to determine if a port is used and can, therefore, be probed for weaknesses.
  • Threatening e-mail:  Messages received that are directly and personally threatening.
  • Virus:  A program that informs a computer by making copies of itself to the limit of available space or by attaching itself to another program and propagating itself when that program is executed.
  • Worm:  A program that can make copies of itself, spreads through connected systems, and uses up resources or causes other damage in affected computers.
  • Any threat to sensitive data:  Student data protected by FERPA, HIPAA data, SSNs, credit card data, sensitive research data. 
  • Production outages due to fire, weather or utility outages

 

How and to whom do I report a problem?

Call the Office of Information Technology and Services (OITS) at 229.391.4850.  Please be prepared to provide the date and time of the incident.  Do not alter any computer settings or files until instructed to do so by OITS.  OITS staff will begin report processing and provide updated information within 24 hours.  A concluding report will be filed with the individual submitting the violation and with the Director of OITS.