August 28, 2019
How to Handle and Report Information Security Concerns
We know that students, staff, and faculty care about protecting their computers and mobile devices and take steps to secure them. However, no matter how securely we use technology, cybercriminals are constantly utilizing new attack methods to compromise accounts and steal personally identifiable information. This article will review how users should report security concerns here at Carnegie Mellon. Ultimately, the quicker a security concern is detected and reported, the more likely it is that the Information Security Office (ISO) can reduce the harm a cyber-attacker can cause to the university and its members.
Suspect a computer you use for University related work or study is:
- Compromised (un-authorized interactive access)
- Infected by viruses, worms, or other malware
- Attacking other systems
- Misconfigured- leading to a security vulnerability or negative impact on the University computing infrastructure
Follow the Procedure for Responding to a Compromised Computer:
- Disconnect the computer from the network
- Contact the Information Security Office at (412) 268-2044 or by email at iso-ir@andrew.cmu.edu
- Notify users of the computer, if any, of a temporary service interruption
- Preserve any log information not resident on the compromised computer
- Wait for further instructions from the Information Security Office
|
Suspect a computer used for University work or study has committed a security breach or is under attack:
Email iso-ir@andrew.cmu or call ISO at (412) 268-2044 and include:
- Timestamps (including timezone)
- Hostnames or IP addresses
- Network device or service access logs
- Contact information
|
Reporting an email scam or phishing attempt:
Reporting that you may have been phished:
Follow the instructions at I Might Have Been Phished, What Do I Do?
- Move Your Hands Away from Your Keyboard
- Some phishing links will attempt to install malicious software onto your computer which can capture your keystrokes
- Disconnect Your Computer from the Network
- Report the Phishing Message to the Information Security Office
- Change Your Password from A Different Computer
|
Reporting unsolicited Spam messages:
If you are receiving spam email and your Spam Settings are configured, follow the appropriate steps outlined on the Spam Management webpage. |
Reporting theft of a computer used for University related work or study:
- Report the theft to University Police at (412) 268-2323
- Email iso-ir@andrew.cmu.edu including relevant:
- Registered hostname(s)
- Physical (MAC) address
- Last time used on campus network pre-theft
|