Information Technology Security Incident Reporting
Policy Statement
The following procedures establish responsibility for reporting and responding to security incidents involving Eastern Illinois University’s information technology resources, computers, networking systems and data, collectively defined here as "EIU Technology and Services". When information security incidents occur, it is necessary to be aware, document, notify and act quickly.
If a suspected breach or security incident has occurred, individuals should initially attempt to contact the IT Security Officer (217)581-1939, the Executive Director for ITS (217)581-1942 or the EIU ITS Help Desk at (217)581-HELP. If they are not available, please email ticket_infosec@eiu.edu with the following information:
- Contact information
- The college or department involved
- A brief description of what happened
- A general description of the type of data
- A general description of the impact of the incident
Information Security Incident Response
An information technology security incident is an event involving attempted or successful unauthorized access, use, disclosure, modification or destruction of information, or interference with system operations in an information system. A security incident also means the loss of data through theft or device misplacement, loss or misplacement of hardcopy documents, or compromise of physical security, all of which may have the potential to put the data at risk of unauthorized access, use, disclosure, modification or destruction.
The following individuals/teams are involved in incident response and may include overlapping members or may be made up of different members that will handle security incidents:
- IT Security Officer - The individual responsible for monitoring, evaluating, and determining the appropriate response to incident reports. The IT Security Officer coordinates incident investigation and implements the Information Technology Security Incident Response Plan.
- IT Security Incident Team - This team performs specific investigative, containment, eradication, recovery, and follow-up steps. This team should consist of technology and functional specialists from various units in disciplines that may include:
  - A representative from the site/area where the security incident is suspected (e.g. department head, web administrator, network administrator, etc.)
  - Staff knowledgeable about or considered experts in the type of suspected incident
  - Computer forensic specialists
  - Data security personnel
  - Personnel responsible for the physical security of a site under investigation. This is especially important if the area is secured by alarms or other physical controls
  - Other personnel determined at the time to be necessary to complete the incident determination, investigation, containment, and/or eradication.
Information Technology Security Incident Reporting
Suspected or actual incidents of loss, inappropriate disclosure, or inappropriate exposure of information whether in printed, verbal, or electronic form including but not limited to those incidents involving the following information, systems, or processes:
- Critical information such as individually identifiable health information, credit card numbers, Social Security numbers, driver’s license numbers, or bank account numbers.
- Lost or stolen mobile devices or media such as laptops, tablets, smart phones, USB drives, and flash drives.
- Viewing of information without a demonstrated need to know.
- Abnormal systematic unsuccessful attempts to compromise information whether in printed, verbal, electronic form, or in information systems, such as:
  - Abnormal unsuccessful login attempts, probes, or scans.
  - Repeated attempts by unauthorized individuals to enter secured areas.
- Suspected or actual weaknesses in the safeguards protecting information whether in printed, verbal, or electronic form or information systems used, such as:
  - Weak authentication processes.
  - Ability to access information you are not authorized to access.
  - Weak physical safeguards such as locks and access controls.
  - Lack of secure data transport methods.
Any individual or group who in the course of using EIU Technology and Services observes an information technology security incident shall report that incident. If a suspected breach or security incident has occurred, individuals should initially attempt to contact IT Security Officer (217)581-1939, Executive Director for ITS (217)581-1942 or EIU ITS Help Desk at (217)581-HELP.
Criminal Activity
Suspected criminal activity involving EIU Information Technology Resources and Systems shall be reported to the Eastern Illinois University Police. Such activity includes, but is not limited to, computer theft and credit card theft. Criminal activity can be reported in person at EIU Police offices or by telephone at (217)581-3213. To report crimes in progress or other emergencies, dial 9-1-1.
In accordance with the “Illinois Child Online Exploitation Reporting Act” (325 ILCS 47/), any Eastern Illinois University employee who, in the course of their duties for the University, installs, repairs or services information technology resources or systems and discovers any depiction of child pornography shall immediately report that discovery to the EIU Police at (217)-581-3212. EIU Police will contact ITS and other proper channels.
Copyright and Intellectual Property
Suspected violations of copyright and intellectual property rights shall be reported to the University Digital Millennium Copyright Act (DMCA) agent to the IT Security Officer (217)581-1939.
Data Classification
Following the data classification guidelines in policy: https://www.eiu.edu/panthertech/policies_classification.php
If the incident involves data with the classification of “Internal” or “Confidential” do the following:
- Individuals should initially attempt to contact IT Security Officer (217)581-1939, EIU ITS Help Desk at (217)581-HELP or contact Executive Director for ITS (217)581-1942.
- Take immediate action to contain the incident.
- Document the incident by using techsupport.eiu.edu or emailing ticket_infosec@eiu.edu.
- Notify the appropriate college, department, or unit administrator that an incident has occurred and that the IT Security Officer has been contacted.
- Refrain from discussing the incident with others until contacted by the IT Security Officer.
If the incident involves data with the classification of "Public" and does not seriously impact individuals or the university do the following:
- Repair the system and restore service.
- Document the incident by using techsupport.eiu.edu or emailing ticket_infosec@eiu.edu.
If the classification of the information system or resource is not known, follow the procedures for "Internal".
Last Date Reviewed: 06/13/2024