Carnegie Mellon University
Computing Services  ›  Information Security Office  ›  News  ›  2019  ›  How to Handle and Report Information Security Concerns
August 28, 2019

How to Handle and Report Information Security Concerns

We know that students, staff, and faculty care about protecting their computers and mobile devices and take steps to secure them. However, no matter how securely we use technology, cybercriminals are constantly utilizing new attack methods to compromise accounts and steal personally identifiable information. This article will review how users should report security concerns here at Carnegie Mellon. Ultimately, the quicker a security concern is detected and reported, the more likely it is that the Information Security Office (ISO) can reduce the harm a cyber-attacker can cause to the university and its members.

Suspect a computer you use for University related work or study is:

  • Compromised (un-authorized interactive access)
  • Infected by viruses, worms, or other malware
  • Attacking other systems
  • Misconfigured- leading to a security vulnerability or negative impact on the University computing infrastructure

Follow the Procedure for Responding to a Compromised Computer:

  1. Disconnect the computer from the network
  2. Contact the Information Security Office at (412) 268-2044 or by email at iso-ir@andrew.cmu.edu
  3. Notify users of the computer, if any, of a temporary service interruption
  4. Preserve any log information not resident on the compromised computer
  5. Wait for further instructions from the Information Security Office

Suspect a computer used for University work or study has committed a security breach or is under attack:

Email iso-ir@andrew.cmu or call ISO at (412) 268-2044 and include:

  • Timestamps (including timezone)
  • Hostnames or IP addresses
  • Network device or service access logs
  • Contact information 

Reporting an email scam or phishing attempt:

Email iso-ir@andrew.cmu.edu or call ISO at (412) 268-2044 and include:

If you clicked on a phishing email link or attachment, follow the Procedure for Responding to a Compromised Computer.

Reporting that you may have been phished:

Follow the instructions at I Might Have Been Phished, What Do I Do?

  • Move Your Hands Away from Your Keyboard
    • Some phishing links will attempt to install malicious software onto your computer which can capture your keystrokes
  • Disconnect Your Computer from the Network
  • Report the Phishing Message to the Information Security Office
  • Change Your Password from A Different Computer

Reporting unsolicited Spam messages:

If you are receiving spam email and your Spam Settings are configured, follow the appropriate steps outlined on the Spam Management webpage.

Reporting theft of a computer used for University related work or study:

  1. Report the theft to University Police at (412) 268-2323
  2. Email iso-ir@andrew.cmu.edu including relevant:
    • Registered hostname(s)
    • Physical (MAC) address
    • Last time used on campus network pre-theft

Questions?

If you have additional questions about reporting information security concerns or reporting specific types of incidents, please reach out to the Information Security Office at iso@andrew.cmu.edu