Page Menu

Security Incident Reporting Procedures

Report all suspected or confirmed Security Incidents Immediately!

The UMass Chan Medical School Information Security (IT) Help Desk should be notified immediately of any suspected or confirmed Security Incident involving UMass Chan Technology Assets or UMass Chan information in electronic or hardcopy format.

A UMass Chan Information Technology Asset includes any system or systems that process, stores or transmits UMass Chan information. This includes hardware, software, networking equipment, and any data on these systems. Such assets include but are not necessarily limited to desktop computers, laptops, mobile devices, servers, printers, telephones, network lines, E-mail and web based services. Hardcopy data which includes sensitive or protected information must also be reported if lost or stolen.

Security Incident – an incident meeting one or more of the following conditions:

  • Any potential violation of Federal law, Massachusetts law or UMass Chan Policy involving a UMass Chan Information Technology Asset or sensitive or protected information in any form
  • A breach, attempted breach or other Unauthorized Access of a UMass Chan Information Technology Asset. The incident may originate from the UMass Chan network or an outside entity and generate from the following:
    • External/Removable Media: An attack executed from removable media (e.g., flash drive, CD) or a peripheral device.
    • Attrition: An attack that employs brute force methods to compromise, degrade, or destroy systems, networks, or services
    • Web: An attack executed from a website or web-based application.
    • Email: An attack executed via an email message or attachment.
    • Improper Usage: Any incident resulting from violation of an organization’s acceptable usage policies by an authorized user, excluding the above categories.
  • Any Internet worms or viruses
  • Any conduct using in whole or in part a UMass Chan Information Technology Asset which could be construed as harassing, or in violation of UMass Chan Policies
  • The loss or theft of a UMass Chan computing device (including desktop, laptop computers and mobile devices) or the loss of any personal computing device containing UMass Chan information

Unauthorized Access - Any action or attempt to utilize, alter or degrade a UMass Chan-owned or operated Information Technology Resource in a manner inconsistent with UMass Chan policies.

Reporting a Security Incident:

UMass Chan IT Help Desk staff should be notified immediately of any suspected or confirmed Security Incident involving a UMass Chan Information Technology Asset. If after normal operating hours, UMass Chan Campus Police should be notified (number). If it is unclear as to whether a situation should be considered a Security Incident, UMass Chan Information Security staff may be contacted to evaluate the situation.

Special Consideration for Lost or Stolen Computing Devices:

In the event that a UMass Chan computing device (including mobile devices such as laptops and smart phones) or personal device containing UMass Chan information is lost or stolen UMass Chan Campus Police should be notified immediately. Campus Police will bring in UMass Chan Information Security to assist in required investigation and forensics activity.

With the exception of steps outlined below, it is imperative that any investigative or corrective action be taken only by IT Information Security personnel. When faced with a potential situation involving a suspected or actual breach or virus or malware infiltration, UMass Chan faculty and staff should do the following:

  • If the incident involves a compromised computer system, do not alter the state of the computer system. The computer system should remain on, and all currently running computer programs should be left as is. Do not shutdown the computer or restart the computer.
  • Immediately disconnect the computer from the network by removing the network cable from the back of the computer.
  • Report the security incident.

 

Security Incidents involving possible violation of Federal or state law should be immediately reported to the UMass Chan Campus Police. UMass Chan Campus Police will work with IT Information Security staff and other law enforcement agencies as necessary to help resolve the incident.

IT Information Security staff will first determine if the Security Incident justifies a formal incident response. In cases where a Security Incident does not require an incident response, the situation will be forwarded to the appropriate area of IT to ensure that all technology support services required are rendered.

An incident response may range from getting a critical system back online, gathering evidence, taking appropriate legal action against individual(s), or in some cases notifying appropriate ISP's or other third parties of inappropriate activity originating from their network.