Reporting a Security Incident
What qualifies as a "Security Incident?"
As stated in the Administrative Guide Memo on Incident Response, a security incident is defined as:
- Theft or other loss of a laptop, desktop, PDA or other device that contains High Risk information, whether or not such device is owned by Stanford.
- Attempts (either failed or successful) to gain unauthorized access to a system or its data.
- Unwanted disruption or denial of service.
- The unauthorized use of a system to process or store data.
- Changes to system hardware, firmware or software without the owner's knowledge, instruction or consent.
- OR, a Non-electronic Information Security Incident: real or suspected theft, loss or other inappropriate access of physical content, such as printed documents and files.
What should I do?
Any member of the University community who becomes aware of an information security incident should immediately:
My phone or computer was lost/stolen
Any employee who has lost, or had stolen, a device used for Stanford business is responsible for following all school procedures. This includes reporting the situation immediately to the Stanford University Privacy Office. Click here for the procedure for reporting a missing device.
I think I’ve been hacked!
If you suspect that your computer or server has been hacked or compromised, call the University Information Security Office at (650) 723-2911 and submit a HelpSU ticket.
What is a DMCA notice?
You may receive a DMCA (Digital Millennium Copyright Act) notice if the University Information Security Office receives a complaint of alleged copyright infringement. You must work with the University Information Security Office to determine if the alleged infringement is valid, and if so, the appropriate steps and behavior that will be expected of you. Go to dmca.stanford.edu to log in with your SUNetID and resolve the complaint.
If you don't have a SUNetID or can't log in, call the Information Security Office at (650) 723-2911 to arrange for resolution of the DMCA complaint attributed to you. Please refer to the SU# incident number(s) from the Subject line of your notification emails when you call.
My computer is acting weird
If your computer is not acting as expected, contact your local support person to try to determine the problem. If the problem does not appear to be a technical problem and persists, contact IRT Information Security online (irthelp.stanford.edu) or by phone (650-725-8000, option 4), or visit the Tech Bar in Lane Library (8am - 6pm, M-F).
Compromised System Policy
Any computer or device on the School of Medicine network that is posing a threat to other computers or network resources may have its network access disabled until the problem is addressed. Threats include: signs of malware infection, system compromise, attempts to exploit vulnerabilities on other systems, excessive use of network bandwidth, or other malicious network activity. Compromised systems will generally need to be rebuilt with a new installation of the operating system and updated security patches before their network access can be re-enabled.