Reporting security incidents

IT security incidents present a risk to the operation of Flinders University and the University community. It is vital that all IT security incidents and weaknesses are identified and reported to ensure proper management and investigation to lower negative impacts to the University.

Security incidents that should be reported:

Access to inappropriate materials or suspected system misuse.
Theft or loss of any of the organization's equipment including computers, mobile devices, USB storage devices, CDs.
A University owned computer infected by a virus or other malware.
Disclosure of a personal FAN to unauthorised people, sharing of a personal FAN or disclosure of passwords.
Website defacement or suspected system compromise.
Receiving a 'phishing' email asking for your Flinders University FAN or password.

Security incidents reporting steps

Step 1

Contact IDS Security Services immediately with the following information:

What is the nature of the incident?
When did the incident occur and when was it discovered?
How was the incident discovered?
Do you suspect the system has been compromised? How many systems are affected?
Was there any sensitive data resident on the affected systems (student, research, or financial data)?

Step 2

Remove your device from the internet.

If you suspect a system has been compromised disconnect the system from the network - removing the network cable or disable wireless connectivity is the simplest method for doing this (do not power off the system).

Step 3

Please take no action other than isolating the system until you have communicated with IDS Security Services.

How to report security incidents

Any observed security weakness in, or threat to, Flinders University IT services or any known or suspected breach of the Acceptable Use of Technology Procedures must be reported as soon as practicable to IDS Security Services using the listed contact details:

Do not attempt any system remediation such as performing a virus scan without explicit clearance from IDS Security Services. Depending on the nature of the incident, it may be necessary for the IDS Security Services to perform additional analysis of the affected system.

ictsecurity@flinders.edu.au

Immediately - Call 12345

Recovery steps

Depending on the seriousness of an incident IDS Security Services may coordinate the recovery of impacted IT systems or services. As a minimum, once it has been determined that a computer system has been compromised, the following steps must be undertaken:

All related user passwords on the affected system must be changed (including all user FANs).
A system may be wiped and rebuilt to ensure that all compromised system components are refreshed and no malicious code or entry exists on a system.
Users reporting a security incident will be informed of the resolution or outcome of the incident response and recovery after all investigations have been completed.

IDS Security Services must provide clearance to reconnect or use a system that has been part of an incident investigation and recovery (suspected or confirmed).

Support for digital and IT services

Opening hours: 8am to 5.30pm, Monday to Friday, excluding public holidays

After hours or when all staff are busy you will be given an option to leave a voicemail message. Voicemails will be accessed as soon as practical during business hours otherwise you may choose to log an IT support request.