Procedure for Reporting Suspected Security Incidents
Procedure
A security incident is any event in which electronic data may be accessed, disclosed, altered, or destroyed by an unauthorized individual. Theft or loss of a computer or storage device, interception or theft of login credentials (e.g., email phishing, keystroke logger), or the presence of a ‘hacker/threat actor’ on a computer system, server and/or network are all examples of security incidents.
Any employee who becomes aware of a possible security incident must immediately inform their supervisor and the campus-specific IT Service Desk. The service desk will immediately notify OCIO Security, which will activate the applicable incident response protocol.
IT Service Desk contact information:
St. John's Campus (709) 864-4595
Marine Institute (709) 778-0628
Grenfell Campus (709) 639-2049
If the system in question is powered on and running, do not shut it down; doing so will destroy whatever evidence currently resides in volatile memory. Refrain from using the system unless directed by OCIO Security. Instead, unplug the system's network cable or, if the system is wirelessly networked, switch off the wireless adaptor. This limits the incident without destroying whatever evidence currently resides in volatile memory.
Suspected security incidents can be stressful, and stress can lead to panic and confusion. After isolating the affected system and informing the IT Service Desk, take a moment to document whatever details led you to believe an incident has occurred, e.g., missing files, suspicious new files, strange programs running, where the device was last seen, etc. Doing so may aid in the investigation.
Policies using this procedure:
Procedure Amendment History
There are past amendments for this policy: