Security Incident Response
If your issue concerns someone's physical safety, please call the Department of Public Safety at 401-232-6001 or 401-232-6911 (Emergency).
The University Incident Response Plan addresses events affecting any University information technology resource which may negatively impact the confidentiality, integrity, and/or availability of the resource. The Incident Response Plan provides a framework within which incident response handlers can work to ensure a complete and consistent approach to security incidents.
The Incident Response Plan is primarily for University departmental contacts and information technology personnel with direct involvement in the identification and resolution of security incidents on the systems, data, and applications which they manage.
Faculty and Staff
An Information Security Incident is a violation or imminent threat of violation of computer security guidelines, acceptable use guidelines, or University computer security practices. Incidents that should be reported include, but are not limited to:
- Attempts (either failed or successful) to gain unauthorized access to a system or its data;
- Theft or other loss of a laptop, desktop, PDA, removable media, or other device that contains University information, whether or not such device is owned by the University;
- Unwanted disruption or denial of service;
- Unauthorized use of a system for processing or storing data;
- Changes to system hardware, firmware, or software characteristics without the owner's knowledge, instruction or consent;
- OR, a Non-electronic Information Security Incident: real or suspected theft, loss or other inappropriate access of physical content, such as printed documents and files.
It is the responsibility of the employee who discovers a security incident to immediately notify his or her supervisor and to report the incident to the Information Security Office. Timely reporting allows the Information Security team to determine if further investigation is necessary, and limits any further damage or loss of data.
When reporting an incident, keep in mind...
- The individual reporting the incident should expect inquiries from the Information Security Office.
- The Information Security Office will update the reporting individual with any specific incident information or procedures pertaining to the incident.
- The reporting individual should understand that the incident is being assessed and any information pertaining to the incident is confidential and should not be shared.