Office of the CIO-Projects & Strategic Initiatives
Connect December 2007 Security Article

How To Respond To A Computer Security Incident

by Matthew Haschak, Information Security

It is Tuesday morning. You arrive at your office and prepare to turn on the computer when you realize that it must have been left on Monday evening. You log in, and while you are attempting to check your email, you notice that the system is extremely sluggish. You check the anti-virus to see if it is up to date. Unfortunately, upon double clicking on the McAfee icon, you notice that the antivirus software has been disabled. What is your next step?

This example is just one of hundreds of possible scenarios that would constitute a computer security incident. Whether it is detecting a virus, discovering that a hacker has control of your system, realizing that a co-worker has been using your system without permission, or finding that your computer has been stolen, it is important to know what to do if you suspect that someone unauthorized has accessed your computer. The following steps provide guidance on how to respond to common scenarios such as the examples above, and they are applicable to many other situations.

Any computer incident that also involves a threat to human safety (threatening email, suicide notes, etc.) or a physical theft of equipment should start with a call to the BGSU Police Department at 419-372-2346.

  1. Stop. Grab a pen and paper and document the situation while it is fresh in your mind. Also, think about the type of data stored or processed on your system. Does your computer contain sensitive data as defined in the “Interim Sensitive Data Privacy” policy? (www.bgsu.edu/offices/cio/page32492.html)
  2. Immediately call the Technical Support Center at 419-372-0999. If you are concerned about confidentiality, tell the TSC representative who answers that you want to talk with a member of the information security staff regarding a security incident.
  3. Unplug the network cable (usually a light blue cable), or disconnect from the wireless network if you are connected wirelessly. This prevents the computer from sending traffic out and prevents the hackers from getting back into the computer.
  4. Wait for the ITS Information Security Office to contact you. In some cases we will talk you through a few steps to better understand the issue. In others we will send a member of the incident response team to collect the evidence.

A few facts that are important for you to know now:

  • Do not attempt to shut down or use the computer. Important evidence can be destroyed if not properly preserved.
  • Various federal and state laws require thorough investigation into security incidents depending on the type of data on those systems.
  • Information Technology Services will work with you to get you up and running as soon as possible.

If you have questions or concerns regarding how to respond to a computer security incident, visit www.bgsu.edu/infosec or email us at abuse@bgsu.edu.