Reporting Security Incidents

• Protect Assets
• Secure Your Computer
• Report Incidents
• Protect Restricted Data
• Unsafe Practices
• UCOP Policies
• Universitywide Policies
• UCOP Security Initiative
• Universitywide Information
• UCOP Security Home

What To Report - Who To Report To

Anyone who experiences a security-related incident must consider whether to report it. In general, managers need to know about any threat to UCOP information assets and electronic resources, but not every occurrence may need to be reported. For example, while it is not necessary to report every instance of a virus-infected e-mail, it is important for managers to know that such e-mail is being received so that they may assess the problem and develop a remedy. As a general rule, ALL incidents should be reported first to your supervisor.

Strange Desktop Behavior
Report to your supervisor and Technology Service Desk:

• If you receive e-mail with a suspicious attachment,
• If you suspect that your computer has been broken into (hacked); for example, you notice strange files left on your desktop or in your working folders,
• If you notice strange behaviors, such as the disk making a lot of movement sounds, the computer responding very slowly to your typing, or other unusual actions,
• If unexpected windows pop up on your screen, or
• If your Web browser behaves strangely, such as not opening to the default home page or the one you have selected.

Confirmation of suspicious activity on your computer, should be reported immediately to the IR&C Technology Service Desk.

Suspicious Systems Activity
Report security incidents involving any networked devices to your supervisor, Technology Service Desk, and, if applicable, departmental data proprietor.

Security Breaches Involving Sensitive Information
Report to your supervisor any incident in which there is a breach to the security of a computer (including laptops or other portable devices) containing sensitive data, such as a person's name plus Social Security number. This type of security breach must be reported to the Associate Vice President-IR&C within twenty-four hours after its discovery. See

• General Information for UC about Security Breaches
• UC Security Breach Notification Policy: BFB IS-3, Section IV.E.
• UCOP Guidelines for Protection of Electronic Personal Information Data and for Security Breach Notification

Physical Theft or Destruction
Report any theft or destruction of equipment to your supervisor, UCOP Building Services, and your local building security personnel.

Improper Governmental Activities
Improper activity involving the University may affect information assets or electronic resources. Report such activity to, in ascending order, your supervisor, the head of the affected department, or the Executive Vice President for Business Operations. Guidance about reporting these activities is available in the UC Whistleblower policy and training materials posted on the UC Whistleblower site.