Report a Security Incident
Guidelines for Handling A Computer System Incident
Don't Panic. Call the IT Solutions Center: 806-743-1234. The Help Desk staff will guide you through
the next steps to take, which include the following:
Assessment. Do not shut down the machine, as you may lose important information. If the machine
is being used to attack others, or if the attacker is actively using or damaging the
machine, you may need to disconnect it from the network. If this does not appear to
be the case, leave the system intact for the moment.
System Scan. Work with the IT Help Desk and run an emergency system security scan. This information
will help you assess the damage. (The machine must be up and on the network in order
to run a scan.)
Gathering all relevant information. This may include, but is not limited to, system logs, directory listings, electronic
mail files, screen prints of error messages, and database activity logs.
Take notes. Record all relevant information, including things you observed, actions you took,
dates and times, etc. It is best to log your activities as they occur.
Changing account passwords. All system accounts that were involved with the incident may require new passwords
as determined by the Security Manager. Never share your password with anyone. Choose
a password in accordance with the password requirements and change it every ninety
The security team will determine the correct course of action. The decision may be to clean up and move on. It is also an option to attempt to catch
the culprit. The appropriateness of each course of action varies with the severity
of the incident (amount of damage, legal implications, cost of recovery, etc.).