Incident Reporting

Procedure

Information Security Incident Reporting Procedures

Purpose
Information Technology is a critical component of the University’s academic, research, and administrative functions. Despite efforts to minimize risks, Information Security Incidents will occur that jeopardize the confidentiality, integrity, and availability of these resources.  Prompt notification of observed or suspected Information Security Incidents will lessen the impact on systems, services, and people.

 

Scope
These procedures should be used by all Users accessing the University’s IT Resources, and Users supporting the University’s mission, regardless of location or Information System ownership.

 

Procedures
Users are the University’s first line of defense, and recognizing Information Security Incidents is the responsibility of all Users.  For a list of example Information Security Incident types, review Appendix A: Information Security Incident Examples.  Users must report observed or suspected Information Security Incidents to the designated Information Security resources listed below.

 

  • Urgent Reporting
    • An Information Security Incident is in progress, affecting University systems and services, or sensitive Data may be compromised.
      • Call the CCIT Support Center at 864-656-3494
      • Available 24x7x365 for immediate response
  • Normal Reporting
    • Unusual/suspicious activity or general questions.
      • Email the CCIT Support Center at ithelp@clemson.edu
      • Available during normal business hours with a response typically within 24 hours
  • Anonymous Reporting

 

When reporting Information Security Incidents, include as much information as possible, such as:

    • Information Systems involved
    • User Accounts and people affected
    • Physical location where the Information Security Incident was observed
    • Time and date the Information Security Incident occurred

 

Additional Resources:
Information Security Policy
Acceptable Use Policy

 

Approval & Revision History:
Reviewed: 10/19/2023
Reviewed by: Office of Information Security

 

Appendix A: Information Security Incident Examples
This list is not all-inclusive but is intended to provide an understanding of Security Incident types.

 

Incident Category: Definition
  • Examples

Confidentiality: Actual or suspected loss, unauthorized use, or disclosure of confidential Information.
  • Misuse of, access to, or disclosure of Data or Information to an individual without a need to know or for an unauthorized purpose
  • Theft or loss of an unencrypted Computing Device which stores confidential Information
  • Improper classification of Information
  • Improper Information or media disposal
  • Theft of documents or Information, whether in hard copy or electronic form
Integrity: Corruption of Information such that it is no longer accurate.
  • Intentional or unintentional Data corruption
  • Unauthorized change to or destruction of University Information or IT Resources.
  • Website defacement.
Availability: Inability to access Information for any reason.
  • A denial of service attack
  • Malware that has “locked out” Users of an Information System
  • A service outage or degradation of an Information System
  • Unauthorized destruction of Data
  • Physical damage to or destruction of IT Resources that impact the University’s ability to provide a service
Intrusion: An actual, suspected, or attempted Information System intrusion, Information Security weakness, or unauthorized access of IT Resources. This includes the identification of an Information Security weakness that may facilitate an intrusion.
  • Hacking events including malware, viruses, Trojans, or remote access software
  • Port scanning; attempts to engage in unauthorized Computer Network sniffing, Data capture, reverse engineering, or process tracing
  • Physical intrusion for the purpose of compromising Information Security
Policy Violations: Improper usage of Computer Networks or Computing Devices, disregard of policies and standards, or misrepresentation of facts which put Information Security at risk.
  • Falsifying Computer Network credentials to gain access to Information or IT Resources
  • Adding backdoors or non-standard access controls to Information Systems
  • Uploading or publishing Restricted or Confidential information to an unapproved file storage option (e.g., Dropbox)
Vulnerability: Defensive measures in an Information System that are diminished, compromised, or lacking.
  • Susceptibility to SQL injection
  • Susceptibility to Cross Site Scripting
  • Susceptibility to Buffer Overflow
  • Lack of password protection