IT security incidents present a risk to the operation of Flinders University and the University community. It is vital that all IT security incidents and weaknesses are identified and reported to ensure proper management and investigation to lower negative impacts to the University.
How to report security incidents
Any observed security weakness in, or threat to, Flinders University IT services or any known or suspected breach of the Acceptable Use of ICT Resources policy and its associated procedures must be reported as soon as practicable to ITS Client Services:
Phone: extension 12345 (or external 8201 2345)
If you suspect or have witnessed an incident you are expected to do the following:
- Contact ITS Client Services immediately with the following information:
- What is the nature of the incident?
- When did the incident occur and when was it discovered?
- How was the incident discovered?
- Do you suspect the system has been compromised? How many systems are affected?
- Was there any sensitive data resident on the affected systems (student, research, or financial data)?
- If you suspect a system has been compromised disconnect the system from the network - removing the network cable or disable wireless connectivity is the simplest method for doing this (do not power off the system).
- Please take no action other than isolating the system until you have communicated with Client Services or ITS Security Services.
Do not attempt any system remediation such as performing a virus scan without explicit clearance from ITS Security Services. Depending on the nature of the incident, it may be necessary for the ITS Security Services to perform additional analysis of the affected system.
Examples of IT security incidents
Some examples of incidents that should be reported include:
- Access to inappropriate materials or suspected system misuse.
- Theft or loss of any of the organization's equipment including computers, mobile devices, USB storage devices, CDs.
- A University owned computer infected by a virus or other malware.
- Disclosure of a personal FAN to unauthorised people, sharing of a personal FAN or disclosure of passwords.
- Website defacement or suspected system compromise.
- Receiving a 'phishing' email asking for your Flinders University FAN or password.
Depending on the seriousness of an incident ITS Security Services may coordinate the recovery of impacted IT systems or services. As a minimum, once it has been determined that a computer system has been compromised, the following steps must be undertaken:
- All related user passwords on the affected system must be changed (including all user FANs).
- A system may be wiped and rebuilt to ensure that all compromised system components are refreshed and no malicious code or entry exists on a system.
- Users reporting a security incident will be informed of the resolution or outcome of the incident response and recovery after all investigations have been completed.
ITS Security Services must provide clearance to reconnect or use a system that has been part of an incident investigation and recovery (suspected or confirmed).