Cybersecurity Incident Reporting

Cybersecurity Incident Response Procedure

Many staff and researchers are unsure of what to do or who to contact when suspect emails or issues arise on their systems, and they often reach out to the staff in the Research IT Unit. This has normally occurred through email, however, to provide a more structured cybersecurity response for those needing to contact support staff the Research IT Unit developed the below incident response type in the Fresh Service ITSM. This can be reached from our Fresh Service portal service catalog and is a high visibility button on the main page.

Once the incident is submitted, it is routed as high priority to our main support team and an email is sent to our leadership team comprised of the Senior Director, Team Leads for our Endpoint Support & Network Services and Application Infrastructure & Technical Solutions Teams.

Once contact is made with the requester to evaluate the issue, a determination is made if the issue needs further escalation to the DoIT cybersecurity incident response process or if the issue can be addressed and resolved by the Research IT staff. Appropriate next steps are taken to resolve, notify or escalate the issue.

Specifically, this is also intended for researchers who are using our Secure Enclave and may need to report a potential cybersecurity incident in that environment. This process was put in place for the purpose of having clear understanding for how researchers could report issues dealing with cybersecurity in the Secure Enclave, or other secure areas across campus, such as labs, where the cybersecurity response needs to be known and identified clearly.

From the main portal page there is a button for the reporting of a cybersecurity incident. Click that button to start the process for reporting an incident.

Button Image

Below are screenshots of sample data of the questions on the ticket. Please do your best to fill out the ticket request. Click "Place Request" when you are finished. This will be set as Urgent and High Priority. Additionally, an email will be sent to the Senior Director of Research IT and the Leads in the Unit. Your cybersecurity issue will be escalated and responded to and it will be put at the top of the ticket queue.