News and Announcements

University community reminded of Information Security Incident Response Standard

We often hear of companies experiencing information security incidents and potential data breaches in the news. These occurrences are far-reaching, not limited to one sector, and are happening more and more frequently. Have you ever wondered what you should do if you suspect an information security incident here at OHIO?

An information security incident is anything that indicates a threat to digital systems or University data. This might include, but is not limited to:

  • Unauthorized use of University computers
  • Log in attempts (successful or not) to gain access to someone else's University affiliated account
  • Improper or unauthorized use or disclosure of sensitive data, including accidental or inadvertent disclosure, theft, or loss of a University-owned device, or a personally-owned device that contains University data
  • Misuse or abuse of University accounts and passwords to gain access to systems or data that the person is otherwise unauthorized to access
  • Malware or a pop-up on your device demanding you pay a ransom to access your data 
  • Email forgery that appears to be sent from an ohio.edu email address (to report these messages, forward the email as an attachment to security@ohio.edu)

All faculty, staff, students, or other University community members are required to immediately notify the Information Security Office if they suspect an information security incident has occurred, in accordance with the Security Incident Response Standard. As soon as the Information Security Office has been notified of a potential incident, they will initiate an investigation. To ensure that we respond to incidents timely and effectively, it is of the utmost importance that all university community members cooperate with the incident response team as necessary.

If the Information Security Office, in consultation with Legal Affairs, has confirmed that a data breach has occurred, they will notify the affected parties as soon as reasonably possible in accordance with the Data Breach Response Standard.  

For more information, please read the entire Security Incident Response Standard and Data Breach Response Standard, or contact the Information Security Office with specific questions. Every person at OHIO has a part to play in securing our University systems and data, and we appreciate your cooperation as it relates to information security incidents.

Tags:
Office of Information Technology
Published
June 28, 2023
Author
Staff reports