Statement of Policy
Washington University in St. Louis (WashU) is committed to conducting all university activities in compliance with all applicable laws, regulations and university policies. WashU has adopted this policy to outline the security measures required to protect electronic information systems and related equipment from unauthorized use.
To provide a well-defined, organized approach for reporting any potential threat to confidentiality, availability and/or integrity of the computer equipment or data at WashU.
If you suspect a security incident has occurred report it to your IT Help Desk or Security Liaison immediately. The Information Security Office (ISO) should also be notified of all computer and network security incidents. Security incidents have the potential to affect the confidentiality, availability and/or integrity of the computer equipment or data at WashU.
According to Community Emergency Response Team (CERT), a security incident can have the following definitions:
- Violation of an explicit or implied security policy
- Attempts to gain unauthorized access
- Unwanted denial of resources
- Unauthorized use of electronic resources
- Modification without the owner’s knowledge, instruction, or consent.
- Theft or displaced University IT property or data
- Malicious code
In addition to the initial report, complete and email the Incident Report Form to firstname.lastname@example.org.
Title: Incident Reporting Policy
Creation Date: November 19, 2015
Applicability: Protected, Confidential and Public
Reference Number: 02.08
Policy Owner: Information Security Office