Incident Management

A security event occurs when a student, faculty, or staff member notices that a device or system is behaving abnormally—enough to warrant alerting the Information Security team. In response, the team may either resolve the issue quickly or conduct a detailed investigation to determine whether someone attempted to bypass the University's security measures.

If the investigation reveals a credible threat, malicious activity, or evidence of unauthorized access, the situation is elevated to a security breach. Breaches put University systems, sensitive data, financial resources, and the safety of our community at risk.

Examples of security breaches include:

• Unauthorized access to any University system

• Theft or exposure of confidential or sensitive information

• Use of malicious software (e.g., viruses, malware) to access or damage data

• Loss or theft of a University-owned device (e.g., computer, laptop, phone, tablet, external drive, or USB stick)

Depending on the nature of the breach and the data involved, reporting to University leadership or external regulatory agencies may be required.

Note: Loss or theft of university-owned devices must be reported to Information Security immediately. 

Security events:

Security events at SIU should be reported and investigated to determine if an event requires an official “notification of exposure” as determined by SIU policy; contract agreements; state or federal law; or regulations such as FERPA, HIPAA, PCI. It is important to report suspected events promptly, so Security can determine if the event is a problem that needs to be resolved, or if the event is an actual security breach. Urgency in reporting and in taking action is essential, as a major security breach will certainly result in a loss of trust in the University by our students, faculty, staff, vendors, and community. Failure to report an event may result in disciplinary action, legal action, and/or fines from regulatory entities.