The Information Security Office and the Security Incident Response Team (SIRT) are available to facilitate and provide guidance with any computer security incidents that affect university IT resources or threaten the availability, confidentiality, and integrity of university information.
All security incidents involving restricted data or confidential information, as defined by the Data Classification and Protection Policy, 4-008, on the University policy site, must be reported immediately to SIRT at email@example.com, or through the UCF IT Support Center at (407) 823-5117.
What is an Incident?
An incident can be defined as any act that violates UCF Information Security policies and/or the 102 Workstation and Mobile Device Security Standards. The types of activity below are common violations and should be reported to the UCF SIRT:
- Unauthorized attempts (either failed or successful) to gain access to a system or data
- Unwanted disruption or denial of service
- Unauthorized use of a system for processing or storing data
- Inappropriate usage according to the IT Security Policy or University Acceptable Use Policy
- Theft or loss of University computing equipment
You can report a Security Incident in any of the following ways:
- Call the Service Desk at
- Email firstname.lastname@example.org
- Submit a ServiceNow ticket
- Call the Service Desk at
General Reporting Procedures
If you are experiencing suspicious activity while using a computer, please contact your local system administrator or the UCF IT Support Center to rule out local computer or network issues. If you need to report an incident such as network scanning, probing, or system compromises, please submit the “Report a General Information Security Event to SIRT” ticket within ServiceNow or contact the UCF IT Support Center. Ticket information should include:
- Your name and contact information
- Impact of security incident
- Attach any relevant logs to the ticket. Logs must contain time stamps synchronized to an NTP server.
- If the incident is in regards to an email, please report using the Phish Alert Button. If the Phish alert button is not available, please create a ServiceNow ticket with the email attached.
- Should you feel personally threatened by any message delivered to you or action performed upon your property over the UCF network, please contact the UCF police immediately at (407) 823-5555.
General Guidelines and Procedures for Security and Administrators
STOP! When encountering an anomaly on your critical systems don’t be tempted to immediately correct the issue by restarting the system, making configuration changes to quickly remedy the incident, or restoring the system to a known good state. Making any changes could lose valuable information related to a potential compromise, such as the perpetrator, the avenue of attack, and any data that was affected. Before continuing, the UCF SIRT should be notified to coordinate a response. To assist you in the first stage of response some procedures were developed to assist in the information gathering:
Click the tabs below to learn more about our Security Incident Response Process.
Once the initial response is performed and the incident is classified and contained, further investigation may be required to determine the cause. The SIRT team may perform the investigation using forensic tools to acquire the evidence and then analyze it in a secure environment. Report incidents by signing into ServiceNow and submitting the “Report a General Information Security Event to SIRT” ticket.
Information Security Breach Notification Guidelines
Computer Forensic Examination Request