Incident Reporting and Response
As part of our university’s commitment to fostering a safe and secure learning environment, we want to emphasize the importance of staying vigilant about potential security incidents on campus. Whether you are faculty, staff, or a student, understanding how to report and respond to security incidents is crucial in maintaining the integrity of our university.
What is a Security Incident?
A security incident is an event that may indicate that the university’s information systems are compromised or that they have been breached by an attacker. This can include a variety of scenarios such as phishing attempts, data breaches, loss of devices containing sensitive information, unauthorized access to university systems.
Why Report?
Prompt reporting helps us:
- Contain and control incidents to prevent further damage.
- Eradicate the threat effectively from our systems.
- Recover any affected systems to full functionality.
- Learn from events and improve our defenses against future threats.
How to Report?
If you suspect a security incident:
- Do not panic: Keep calm and collect as much information as possible about what happened.
- Report suspicious email in Outlook: You may report a suspicious email through your email client.
- Preserve evidence: Don’t attempt to fix or meddle with the system as it might complicate matters. Leave everything as it is until help arrives.
Remember – timing is key! The sooner we know about an incident, the quicker we can act.
What Happens After Reporting?
Our dedicated IT Security team will step in:
- Assessment: We’ll assess the severity and impact of the incident.
- Response Plan: Based on assessment results, we’ll develop a tailored response plan.
- Communication: We’ll keep all necessary parties informed while respecting confidentiality requirements.
- Resolution & Recovery: Our goal is swift restoration of normal operations with minimal disruption, while safeguarding our data and resources.
- Post-Incident Analysis: Finally, we’ll analyze what happened and how it was handled to prevent related incidents and improve future responses.
Preventive Measures
To minimize risks:
- Be cautious with emails from unknown sources; when in doubt, forward them to abuse@utk.edu for verification.
- Use complex and unique passwords. Don’t use your UT password for any non-UT service or system.
- Secure sensitive data both physically (locking drawers) and digitally (using encryption, if applicable).
Each one of us plays an essential role in keeping our campus safe from cyber threats. Your prompt actions can make all the difference in protecting yourself and the university.