Incident Response - Reporting
When and how any UWO employee should report a possible information security incident
Incident Response Reporting for all UWO Employees
Incident response requirements and activities vary, based upon the nature of the incident. Detailed information on appropriate actions for the varying incident types are identified below.
I. ALL UW EMPLOYEES ARE RESPONSIBLE FOR THE FOLLOWING:
Reporting all lost or stolen assets, including personally owned devices which contain UW Oshkosh owned data and information.
Reporting physical intrusion into secure areas.
Discovery of malware or unauthorized access to information assets
In all of the situations identified above, the employee should contact their supervisor and the Help Desk as soon as possible, to report the suspected information security incident.
II. PERSONALLY OWNED DEVICES USED FOR UWSA BUSINESS:
If UW Oshkosh employees have UWO High Risk data or Moderate Risk data stored on personally-owned computers, devices, or media, UWO needs to know about incidents involving theft of UWO data.
Reporting incidents involving UWO High Risk data and Moderate Risk data is mandatory. Please consider this carefully when deciding whether to use personal equipment for UWO business.
Based upon type of incident, use the appropriate procedure below to report incidents involving UWO owned or personally-owned computers, smartphones, devices or media that contain UWO High Risk data or Moderate Risk data.
III. LOST OR STOLEN ASSETS:
If theft of computers, devices or media is observed or suspected:
Always report theft as soon as possible. Theft should be reported regardless of the type of data present.
Always report loss as soon as possible. Do not wait, in anticipation of the lost item potentially being returned.
Preserve physical evidence. Disturb as little as possible.
Contact university police department. If you are unable to contact local university police department, immediately contact local law enforcement and follow up by informing local campus police as soon as possible.
If theft is in progress, get to a safe place and dial 911.
Immediately report the incident to your supervisor and to the Help Desk.
IV. IF PHYSICAL INTRUSION INTO SECURE AREAS IS OBSERVED OR SUSPECTED:
If a physical intrusion is in progress, get to a safe place and dial 911.
Always report physical intrusion into secure areas to the UWO Police department. Physical intrusion into secure areas should be reported regardless of the type of data present.
Preserve evidence by disturbing as little as possible. Do not use or turn off any related computer, device, service, or resource, nor dispose of any related media. Preserve physical evidence of theft or physical intrusion.
Physical intrusion could result in unauthorized access to one or more systems in the affected area and should be treated accordingly. For general circumstances where it is reasonable to believe that High Risk or Moderate Risk data may have been accessible, or accessed by unauthorized persons, alert your supervisor as soon as possible.