Overview

• Security Policies
• Awareness & Education Topics
• Tools & Instructions

Incident Response

• What Is a Security Incident?
• Incident Response Protocol
• Data Breach Notification
• Copyright Complaint
• Harassment

Help & Support

• Technical Support
• Contact Information
• Technical Listservs
• Learning Opportunities

About Us

• Charter

Office of Information Technology (OIT) > Security Information for IT Professionals > What Is a Security Incident?

What Is a Security Incident?

A security incident is a computer, network, or paper based activity which results (or may result) in misuse, damage, denial of service, compromise of integrity, or loss of confidentiality of a network, computer, application, or data; and threats, misrepresentations of identity, or harassment of or by individuals using these resources.

Examples

Examples of incidents to report include:

• Root-level attacks on networking infrastructure, critical systems, or large, multi-purpose or dedicated servers
• Compromise of privileged accounts on computer systems
• Denial-of-service attacks on networking infrastructure and critical systems
• Attacks launched on others from within umn.edu
• Compromise of individual user accounts or desktop (single-user) systems
• Scans of University systems originating from the Internet
• Spam and mail forgery that originates from, or is relayed through umn.edu
• Viruses, Worms and Trojan Horses
• Threats to individuals (only in conjunction with law enforcement)
• Disclosure of protected data, including paper disclosure, e-mail release or inadvertant posting of data on a web site
• Suspected information technology policy violation

For additional examples, see Examples of Reportable Security Incidents on the UWide Policy Library site.

Prohibition of these activities is covered in the Acceptable Use of Information Technology Resources Policy.

Why Should You Care?

Security incidents may expose University data—and data about members of the University community—to potential deletion, modification, or unauthorized release. Federal and state law protects some data, some data is critical to the University's mission and business, and all data is important to the owners. Security incidents may involve the University in threats to people and resources outside the University, for which the University may be liable. In addition, many security incidents can deny authorized users access to the resources they need.

Recognizing Network Attacks

A network attack is a threat, intrusion, denial-of-service, or other attack on network infrastructure, computer system(s), or user account(s). Symptoms include

• changes on a computer that were not made by the owner, such as files erased or changed and programs running that the owner didn't start
• if the computer is operating much slower than usual, but only when plugged-in to the network/Internet

Rarely are network attacks directed at individuals. More often, attackers are searching for an easily compromised computer from which to launch another attack.

For information about how students, faculty, and staff can protect their computers from these and other security threats, see Safe Computing.