Information Security Incident Response & Reporting Procedures
All suspected information security incidents must be reported promptly to the appropriate university office or party.
What to Report
- Any event in which access to University data might have been gained by an unauthorized person
- Any event in which a device containing University information has (or might have been) lost, stolen or infected with malicious software (viruses, Trojans, etc.)
- Any event in which an account belonging to a person that has access to the data might have been compromised or the password shared with unauthorized person (responding to phishing emails, someone shoulder surfing and writing down your password, etc.)
- Any attempt to physically enter or break into a secure area where University data is or might be stored
- Any other event in which University data has been or might have been lost or stolen
- Any event in which University information system policies, standards, or practices are violated
Reporting and Responding to IT Security Incidents
- Should attempt to stop any IT security incident as it occurs.
- First, DO NOT TURN OFF OR UNPLUG POWER TO THE COMPUTER.
- Second, unplug the network cable from the back of the computer and turn off any wireless internet connection.
- Report IT security incidents to the appropriate OUHSC campus IT Service Desk or Tier 1. The Service Desk will help you assess the problem and determine how to proceed.
- Oklahoma City campus IT Service desk: firstname.lastname@example.org, (405) 271-2203 or Toll Free (888) 435-7486
- Tulsa campus IT Service desk: ou.edu/tulsa/it/help
- Following the report, individuals must comply with directions provided by IT Support staff or IT Security to repair the system, restore service, and preserve evidence of the incident.