Using University IT securely and responsibly: a guide to reporting issues, loss and inappropriate use

Transcription

1 Using University IT securely and responsibly: a guide to reporting issues, loss and inappropriate use If you become aware of a security-related issue with a University computer or one connected to the University network in your School or Division the issue should be reported to the IT Service Desk i. The IT Service Desk should also be informed of receipt of threatening or abusive , and the presence of any material deemed inappropriate on a University IT collaborative space. On receiving notification of an incident, the IT Service Desk will work with the IT Security Team to investigate the issue. The IT Security Team will co-ordinate an incident response, including liaison with other internal and external organisations. On the following pages, you will find processes for: 1. Reporting a compromised system or computer account 2. Reporting lost or stolen data media, computing devices, or Smartphones 3. Reporting receipt of threatening or abusive 4. Reporting inappropriate material in University collaborative spaces INF-093-Q-7 / September 2011/ JK

2 1 Reporting an IT Security Incident - compromised system or account If you discover or believe your University computer system has been subject to unauthorised access, possibly resulting in system or data files being unlawfully read or modified, contact the IT Service Desk. Note: If contacting the IT Service Desk by , do not use the suspect system. You should provide the IT Service Desk with as much detail of the incident as possible. As a minimum include: Your contact details Your location: building, room number, computer outlet number The type of system, desktop, laptop or server Operating system and version Computer s network address Why the system is suspect Date and time first suspected Any error messages or events The IT Service Desk will keep you and your Local Computing Representative ii (LCR) updated at appropriate stages. If the incident was not reported by the LCR, then the person we have registered as responsible for the system will be contacted via . You may of course at any time during core hours request a progress report by contacting the IT Service Desk. Note: If you believe unauthorised access to personal data has occurred which might cause damage or distress to individuals (e.g. medical or health data, personal financial information, credit card or bank account numbers, social security numbers or any large data sets of personal information) notify the University s Governance and Compliance Division iii immediately. In cases of a serious breach the University may report the breach to the Information Commissioner's Office.

3 2 Reporting lost or stolen data media, computing devices, or Smartphones This procedure covers both University owned and personally owned devices used for business purposes. Step 1: Report the loss Notify local law enforcement in the jurisdiction where the laptop or Smartphone was stolen (South Wales Police for the Cardiff area). Be sure you obtain the crime number and primary police contact. Step 2: Contact the University Security and Portering Services Provide Security and Portering Services iv with the Police crime number and contact information. If your School or Directorate has insured your laptop under the University Laptop All Risks Cover, contact Ken Howells (University Finance Division), 9 th floor, Newport Road to register the loss. Step 3: Contact the IT Service Desk Step 4: Determine whether you have lost confidential or sensitive data or data belonging to another organisation In order to determine whether or what confidential/sensitive data may have been exposed, consider what kind of information was stored on your computer or device. If you have copies of the documents on University servers, e.g. H: or S: drives, or a back up CD or DVD, you can review the information stored by reviewing the back up. If you believe that your computer or device held personal data which might cause damage or distress to individuals if released inappropriately (e. g. medical or health data, personal financial information, credit card or bank account numbers, social security numbers or any large data sets of personal information) notify the Governance and Compliance Division immediately. In cases of a serious breach the University may report the breach to the Information Commissioner's Office. If you believe that data belonging to other organisations, corporations or agencies was stored on the device and that the data was confidential or legally protected or contractually restricted, notify the relevant organisation. Step 5: Change your passwords immediately Passwords used can be stored or saved in the memory on the computer or mobile/storage device. You can change your Cardiff Username password via the Password Management system on the Cardiff Portal login page [ Step 6: Notify credit cards and banks If you stored any confidential data, such as credit card or bank account numbers on the computer or mobile/storage device, you should notify the affected institutions.

4 Step 7: Register the computer's details Register the computer's details with the Immobilise UK National Property Register [ You'll need to provide the computer's serial number. Your computer vendor may also have a registry that allows you to report the computer as stolen. Step 8: Staff members should notify their line manager of the loss All computers registered for access to the Cardiff University network have a unique Ethernet address that is recorded by IT Services when your computer is registered. If the computer should be reconnected to the campus network using this address it is possible that the computer might be located. See either your Local Computing Representative (LCR) for information on your computer's Ethernet address or contact the IT Service Desk. Step 9: Remotely remove all data from a mobile device If the lost or stolen device is a University BlackBerry Smartphone, contact the IT Service Desk who will be able to arrange for all data on the device to be remotely wiped. Also see BlackBerry tips and FAQs [ In the case of other University smart phones (e g iphone) and personally owned Mobile Phones or PDAs, contact your service provider.

5 3 Reporting receipt of threatening or abusive Unsolicited - also referred to as Spam, UCE (Unsolicited Commercial ) or UBE (Unsolicited Bulk ) is an increasing problem on the Internet. The filtering software used at Cardiff automatically adds the word 'spam' to the beginning of the Subject line of suspected spam . You can use this feature to set up a suitable filter to send any such marked as 'spam' into a separate folder. For more information please see Communications Tools - [ If you have received threatening or abusive please take the following action Do not reply to any such message or click on any link within the message. Retain all copies of the message. Report the incident to the IT Service Desk, and provide: Your contact details A copy of the message showing the Full Headers v IT Services will attempt to determine the origin of the message and where appropriate liaise with the University's Security Services on your behalf. If the content of your message appears to offer illegal services such as child pornography, you must report this to the Internet Watch Foundation [ website. This organisation works in partnership with ISPs, Telcos, Mobile Operators, Software Providers, Police and Government, to minimise the availability of illegal Internet content, particularly child abuse images.

6 4 Procedure for reporting inappropriate material in University collaborative spaces The University is committed to protecting and promoting the rights of every member of the University community to freedom of thought, conscience and religion, freedom of expression and freedom of association. However, any expression has to be within the law and take account of the rights and reasonable sensitivities of others. If you have concerns that an entry made within Quickr TeamPlace or Connections is offensive and/or illegal and feel it necessary to bring this matter to the attention of the Collaborative Tools Service Owner, please follow these steps Step 1: Do not reply or respond to the posting in any way Step 2: Note the location of the material of concern - i.e. the Quickr TeamPlace name and folder or Connections component profile Blog, Wiki, discussion forum etc Step 3: Note the date and time of the post in question, along with the name of the person who has posted the entry Step 4: If appropriate to do so, screen grab and print the material of concern. IMPORTANT: Do not print any material that you consider to be illegal e.g. child pornography - you will be committing an offence if you do so. In instances where material is considered to be illegal, simply report the location of the offending material but do not attempt to print or distribute the material in any way Step 5: Contact the IT Service Desk who will escalate your concerns directly to the relevant Service Owner. The Service Owner will at appropriate stages keep you updated on progress, although you may of course at any time during core hours request a progress report by contacting the IT Service Desk. Report a blog or wiki If you feel that a blog post or comment contains unacceptable content, you can report the offending item via the Report a Blog feedback form [ Similarly, if you feel that a wiki space contains unacceptable content please use the Report a Wiki feedback form [

7 Appendix 1 i How to contact the IT Service Desk - insrvconnect You can contact the IT Service Desk by telephone, , or in person. To contact by telephone: +44 (0) To contact by insrvconnect@cardiff.ac.uk You can also fill in an online help request form at: From 17:00 to 22:00 there is a reduced telephone support service. Messages left outside of working hours will be answered as soon as possible on the next working day. s sent to the IT Service Desk will be responded to within one hour during core hours. s sent to the IT Service Desk outside of core hours may not be responded to until the next working day. The IT Service Desk may be visited in person from 8:30 to 17:00 during normal University working days. The IT Service Desk is located at: 40/41 Park Place Cathays Cardiff CF10 3BB ii Local Computing Representatives Each School has nominated a Local Computing Representative to act as a formal link between the School and the IT Services Directorate on IT matters. The role and responsibilities of the Local Computing Representative (LCR) include providing some technical help for the School's IT users, and liaising with IT Services on IT matters relating to their School. For further information see: iii Breaches of the Data Protection Policy All alleged breaches of the data protection policy shall be notified to the University s Data Protection Officer (based in the Governance and Compliance Division) in the first instance. University Data Protection Officer Mrs Ruth Robertson InfoRequest@cardiff.ac.uk Tel: (029) Security & Portering Services iv Reporting an Incident Crimes and incidents should be reported to the Police, on: (029) and if possible to the University's Security Services by telephoning: (029) or University internal extension: (24 hour service); by visiting the Security Control Centre; or by speaking to the University's Campus Patrol Officers. The Security Centre, which is point 35 on the Cardiff University locations and directions guide, is located in Park Place, directly opposite: Park Place. Tel: (029) Fax (029) For further information see:

8 v Viewing full headers consists of a header and the body of the message. The header provides information on who sent the (From: field); who the recipient was (To: field); what the subject was (Subject: field); and when it was delivered (Date: field). The header contains more information than is normally shown. In particular the routing information is very useful in problem solving. If you are asked to forward an with the full headers enabled please follow the instructions below. They tell you how to turn on full headers in the software supported by IT Services as well as Hotmail. Viewing full headers see: Appendix 2 Useful links What to do if your computer has a virus, Trojan or malware infection. What to do if you receive a Phishing . Appendix 3 Related policies and guidance Cardiff University Legal Compliance Unit [ Cardiff University IT Regulations [ Cardiff University Safeguarding Children and Vulnerable Adults Policy [ en%20&%20vas%20policy% doc] Cardiff University Guide: Working from home [ working from home.doc] Cardiff University Guide: Security of Laptop and Personal Digital Assistants (PDA) [ Cardiff University Guide: Protecting sensitive information on laptops [