Reporting Cyber Security Incidents Policy

Expresses the campus expectations regarding reporting unusual or serious cyber security incidents.

Policy Information

Policy Number	Policy Owner
10018.2	Information Technology Services

Policy Number

Policy Owner

10018.2

Information Technology Services

Date	Version Number	Change Description	Referenced Section
2/10/05	1.0	New Document	Entire Document
10/6/14	2.0	Major Revisions
12/13/18	2.2	Minor Revisions
2/1/22	2.3	Minor Revisions	Owner Name

Date

Version Number

Change Description

Referenced Section

2/10/05

1.0

New Document

Entire Document

10/6/14

2.0

Major Revisions

12/13/18

2.2

Minor Revisions

2/1/22

2.3

Minor Revisions

Owner Name

Review Process / Approval

Action:	Units	Date
Policy Review	Information Technology Services Management Services
Policy Approval	Office of Information Technology	2/10/05

Action:

Units

Date

Policy Review

Policy Approval

2/10/05

3.0 Units and Persons Affected
4.0 Policy

Campus employees and students are requested to promptly report any "unusual or serious cyber security incident" to the Director of Information Technology Services. If there is any ambiguity about whether an incident should or should not be reported, err on the side of reporting it.
5.0 Definitions
6.0 Responsibilities
7.0 Procedures
8.0 Forms
9.0 Appendix
10.0 Distribution and Training

For additional information about this policy, please contact the Policy Owner listed above.