Report a Security Incident
What is a Security Incident?
Information Security’s (Security) sole responsibility is preventing unauthorized access to SIU networks, systems, and devices. Security is also responsible for protecting the sensitive information stored in University devices and systems, and shared between them. For this reason, most security incidents are detected by our Security team or by a diligent LAN Administrator.
A “security incident” develops when our Security team identifies an attempt to break through the security mechanisms the University has in place to protect our systems; our students, faculty, and staff; our sensitive information; and our financial assets. Security incidents also include any threat to, breach of, or damage created by malicious software or hackers.
The following are all considered security incidents:
- Intrusion into any University system without authorization.
- Access to or theft of confidential or sensitive data.
- Access or damage to data using malicious software such as virus or malware.
- Loss of a University-owned device. Devices include: computers, laptops, phones, tablets, external drives, and memory sticks.
Depending on the device and/or information involved, one or more University and regulatory entities may require prompt notification.
What should be reported?
- Personal Devices
- University Devices
|What Happened||Report to||Contact Information|
|Received or suspect a scam email||Information Securityemail@example.com|
|Clicked a suspicious link or provided personal information
via email, website, or phone
|Information Securityfirstname.lastname@example.org or call SalukiTech at (618) 453-5155|
|Had a personal device stolen||SIU Department of Public Safety||If you have any personal information on the device you may need to contact all of your SIU and outside account holders.|
|Lost a personal device, external drive, or memory stick||SIU Lost and Found||If you have any personal information on the device you may need to contact all of your SIU and outside account holders.|
Security incidents at SIU should be reported and investigated to determine if an incident requires an official “notification of exposure” as determined by SIU policy, contract agreements, State or Federal law, or regulations such as FERPA, HIPAA, PCI. Failure to report a suspected or actual incident may result in disciplinary action, legal action, and/or fines from regulatory entities. A major security breach will certainly result in a loss of trust in the University by our students, faculty, staff, vendors, and community.