Procedure for Reporting and Handling Security and Privacy Incidents

Issuing Authority and Effective Date

Effective Date: November 21, 2011

Date Last Reviewed: July 6, 2022

Issuing Authority: Chief Information Security Officer

Information Security Reporting Procedures

The Computer Incident Reporting Procedure provides a series of channels through which incidents can be reported, investigated, tracked, and administratively reviewed to ensure Temple University information assets and/or infrastructure are protected.  The Office of Information Security will be the primary responder to the incidents. Other departments will assist as the need arises.

*AFTER NOTIFYING THE OFFICE OF INFORMATION SECURITY, IT IS ESSENTIAL TO FOLLOW THE INSTRUCTIONS OF THE RESPONSE TEAM.  ALL TECHNOLOGY DEVICES MUST NOT BE USED, TURNED OFF OR ON, OR CHANGED IN ANY MANNER THAT MAY COMPROMISE EVIDENCE OR THE INVESTIGATION.

Examples of what type of incidents should be reported appear below:

  • Any suspected hacking or intrusion attempts
  • Suspicion of a password compromise
  • Harassment by e-mail
  • Violation of any technology policy

Phishing

If you are looking to report a phishing email scam please email abuse@temple.edu.

Critical Issues

  • Critical issues should be reported immediately to your manager and the Office of Information Security and Privacy via phone. Follow the contact list below for the Office of Information Security.
  • Critical issues involving notification of an intrusion from our Intrusion Detection Systems or Network logging facilities should be brought to the attention of the Office of Information Security and Privacy immediately.

The Office of Information Security and Privacy Contact Information:

  • Office of Information Security and Privacy – Sheena Thomas, 215-204-4070 or infosec@temple.edu
  • Escalation for all of Information Technology Services – Larry Brandolph, Vice President for Information Technology and University Privacy Officer, 215-204-7077 or larry.brandolph@temple.edu

Non-Critical Issues

  • Non-critical issues should be reported to the following management personnel by telephone, e-mail, in person, or via TUhelp system:
    - Your immediate supervisor within assigned Department
    - Technology Support Center (tuhelp.temple.edu / 215-204-8000)
    - Office of Information Security and Privacy (215-204-4070)
    - Human Resources (if University policy or codes have been broken)
  • Technical issues
    The Technology Support Center will refer the matter to the appropriate Information Technology Services personnel through the TUhelp system.
  • Non-technical issues
    The Technology Support Center will refer the matter to an Information Security Office person through the TUhelp system.

Handling Procedures Following Reporting of Security and Privacy Incident

  1. The Chief Information Security Officer, as appropriate, shall activate and lead its Incident Response Team following the report of a suspected event or incident.
  2. After notifying the Office of Information Security it is essential to follow the instructions of the response team.
  3. The Incident Response Team shall proceed to assess the nature and scope of the incident and identify what data/systems/services have been accessed or misused.
  4. The Incident Response coordinator will contact the Privacy Officer to review if there needs to be a breach declaration, if event is solely privacy or a combination of both.
  5. System owners, working in full cooperation with the Incident Response Team, shall provide the necessary resources to take appropriate steps in order to contain and control the incident, to prevent further unauthorized access such as monitoring or suspending access, and to preserve records and other evidence.
  6. The Incident Response Team shall create an Incident Report that will document the facts surrounding the incident, the steps taken to mitigate any immediate threat, the steps taken to ascertain the scope and nature of the breach, the nature of the breach itself, the list of affected individuals and any other relevant information relating to the incident.
  7. The Incident Response Team, as needed, shall include Temple Legal Counsel, Temple University Police, Risk Management, outside law enforcement or other areas of the University affected.
  8. The Breach Declaration Team shall evaluate the Incident Report and make the final determination as to whether a Breach of Personal Identifiable Information (PII) has occurred.
  9. The Chief Information Security Officer, independent or as appropriate, to the outcome of the Breach Declaration Team, shall lead an effort to formulate a long-range plan to prevent recurrence of the incident.
Print Article