Information Resources and Communications
 About IR&C  |  Services  |  Resources  |  What's New  |  Search  |  Home 

    Reporting Security Incidents

    Anyone who experiences a security-related incident must consider whether to report it. In general, managers need to know about any threat to UCOP information assets and electronic resources, but not every occurrence may need to be reported. For example, while it is not necessary to report every instance of a virus-infected e-mail, it is important for managers to know that such e-mail is being received so that they may assess the problem and develop a remedy. As a general rule, ALL incidents should be reported first to your supervisor.

    Protect Information Assets

    Secure Your Computer

    Report Security Incidents

    Protect Restricted Data

    Unsafe Practices

    UCOP Policies

    Universitywide Policies

    IR&C Security Initiative

    Support Contacts

    About This Site

    Security Web Home

      WHAT TO REPORT - WHO TO REPORT TO

      Strange Desktop Behavior
      Report to your supervisor and Technology Service Desk:

      • If you receive e-mail with a suspicious attachment,
      • If you suspect that your computer has been broken into (hacked); for example, you notice strange files left on your desktop or in your working folders,
      • If you notice strange behaviors, such as the disk making a lot of movement sounds, the computer responding very slowly to your typing, or other unusual actions,
      • If unexpected windows pop up on your screen, or
      • If your Web browser behaves strangely, such as not opening to the default home page or the one you have selected.
      Confirmation of suspicious activity on your computer, should be reported immediately to the IR&C Technology Service Desk.

      Suspicious Systems Activity
      Report security incidents involving any networked devices to your supervisor, Technology Service Desk, and, if applicable, departmental data proprietor.

      Security Breaches Involving Sensitive Information
      Report to your supervisor any incident in which there is a breach to the security of a computer (including laptops or other portable devices) containing sensitive data, such as a person's name plus Social Security number. This type of security breach must be reported to the Associate Vice President-IR&C within twenty-four hours after its discovery. See

      Physical Theft or Destruction
      Report any theft or destruction of equipment to your supervisor, UCOP Building Services, and your local building security personnel.

      Improper Governmental Activities
      Improper activity involving the University may affect information assets or electronic resources. Report such activity to, in ascending order, your supervisor, the head of the affected department, or the Executive Vice President for Business Operations. Guidance about reporting these activities is available in the UC Whistleblower policy and training materials posted on the UC Whistleblower site.
   footer line
  Please submit your questions, comments, and suggestions at feedback.html