Skip to main content

Security Incident Response

The Information Security Office and the Security Incident Response Team (SIRT) are available to facilitate and provide guidance with any computer security incidents that affect university IT resources or threaten the availability, confidentiality, and integrity of university information. 

All security incidents involving restricted data or confidential information, as defined by the Data Classification and Protection Policy, 4-008, on the University policy site, must be reported immediately to SIRT at sirt@ucf.edu, or through the UCF IT Support Center at (407) 823-5117.

What is an Incident?

An incident can be defined as any act that violates UCF Information Security policies and/or the 102 Workstation and Mobile Device Security Standards. The types of activity below are common violations and should be reported to the UCF SIRT:
  • Unauthorized attempts (either failed or successful) to gain access to a system or data
  • Unwanted disruption or denial of service
  • Unauthorized use of a system for processing or storing data
  • Inappropriate usage according to the IT Security Policy or University Acceptable Use Policy
  • Theft or loss of University computing equipment

INCIDENT reports

You can report a Security Incident in any of the following ways:
    • Call the Service Desk at
      407-823-5117
    • Email sirt@ucf.edu
    • Submit a ServiceNow ticket

General Reporting Procedures

If you are experiencing suspicious activity while using a computer, please contact your local system administrator or the UCF IT Support Center to rule out local computer or network issues. If you need to report an incident such as network scanning, probing, or system compromises, please submit the “Report a General Information Security Event to SIRT” ticket within ServiceNow or contact the UCF IT Support Center. Ticket information should include:
  • Your name and contact information
  • Impact of security incident
  • Attach any relevant logs to the ticket. Logs must contain time stamps synchronized to an NTP server.
  • If the incident is in regards to an email, please report using the Phish Alert Button. If the Phish alert button is not available, please create a ServiceNow ticket with the email attached.
  • Should you feel personally threatened by any message delivered to you or action performed upon your property over the UCF network, please contact the UCF police immediately at (407) 823-5555.

General Guidelines and Procedures for Security and Administrators

STOP! When encountering an anomaly on your critical systems don’t be tempted to immediately correct the issue by restarting the system, making configuration changes to quickly remedy the incident, or restoring the system to a known good state. Making any changes could lose valuable information related to a potential compromise, such as the perpetrator, the avenue of attack, and any data that was affected. Before continuing, the UCF SIRT should be notified to coordinate a response. To assist you in the first stage of response some procedures were developed to assist in the information gathering:

SIRT PROCESSES

Click the tabs below to learn more about our Security Incident Response Process.