Information Security
Report suspected security incidents immediately All individuals should be alert to security vulnerabilities, threats and breaches to systems, services or information. Vulnerabilities are conditions that place UNC’s information assets at undue risk. Threats are situations that may strain or potentially break existing security controls. Breaches are situations where policies and standards are not complied with, where confidential data is not adequately protected where systems behave abnormally, and when systems are unavailable.
For observed or suspected information security breaches, isolate the system and stop use. Do not transfer any diskettes in use to other computers. Individuals should report security incidents and vulnerabilities to the Technical Support Center (351-4357) as quickly as possible. This will minimize the damage and aid in improving response. Users should not, in any circumstances, attempt to test or prove a suspected weakness on their own. Report any observed or suspected incidents immediately.
Security incidents include but are not limited to:
Laptop Theft University Owned Cellular Telephone Theft or Loss Confidential Data Leakage Unacceptable Conduct
Social Engineering Laptop Theft Immediately report the loss to UNC PD (351-2245) and the Technical Support Center (TSC 351-4357). University Owned Cellular Telephone Theft or Loss Immediately contact your service provider to disable the phone. Confidential Data Leakage You may discover sensitive information that is vulnerable. For example, confidential data left on a printer, stored on a shared file server or in a repository. If you know the data owner, contact them immediately so that appropriate measures are taken. Otherwise, report the incident to the TSC.
Unacceptable Conduct If you witness behavior that compromises UNC’s Information Security, report the matter to your appropriate management.
Social Engineering If you are contacted by someone asking suspicious questions that could compromise security, politely cease further discussion, record the facts, and contact the Technical Support Center. Typical situations include: persons claiming to act on authority requesting a password (passwords must never be disclosed to others, even to fix problems). Generally, avoid participating in verbally based surveys. In the rare case that it is justified (i.e. there is a clear benefit to UNC), validate the legitimacy of the requestor, and obtain approval by line management. Anonymous Reporting UNC also offers students, faculty and staff access to a confidential, anonymous reporting system that is not part of the university. Available 24/7/365, MySafeCampus sends the report to UNC while protecting the reporter’s identity and allowing anonymous follow-up. MySafeCampus doesn’t replace existing university processes for reporting concerns. It’s an alternative for anyone who feels unsafe using the usual channels.
To Make an Anonymous Report please visit http://www.unco.edu/mysafecampus/
 |
Main Office (970) 351-2341 |
 |
TSC [Help] (970) 351-4357 |