How to report a security breach that does not involve personal data

Security breaches are reported to the local IT support team or to AU’s information security unit, but the incident will be set up and processed as a case in Cherwell (AU’s IT service management system).

• Usually the incident is set up as a case in Cherwell following AU's incident procedure
• In situations where the inquiry is made in person or by telephone to AU IT, AU IT will take action and at the same time create a case in Cherwell

Phising incidents are reported via the ‘report message’ (Rapportér meddelelse) button in Outlook, here is how you rapport phishing-mail.

The assigned unit is responsible for the incident. If the incident is assigned to a different unit according to type, content and solution of the incident, then the resposibility goes with. 

• The incident is described in as much detail as possible, for example indicating whether it is a case of stolen equipment, leaked data (data classification), etc. 
• The incident is assessed with regard to level of severity and criticality
  • Without undue delay the case is assessed by the assigned unit, including whether to escalate as soon as possible
  • Better to escalate one to many times than one to few 
  • If criminal acts are suspected with an information security breach, the inciden must always be reported to the police
• The incident is assigned to the relevant unit (It-support, Information Security Unit, others), who is responsible for:
  • to include relevant professionals
  • to secure continuity plans (if needed) according to the system owner/management
  • to communicate to relevant stakeholders (users, internal/eksternal, including authorities) 
• Depending on the above, the information security unit assesses whether to escalate the case internally through the appropriate communication channels (to the head of information security or the management team)
• Depending on the matter of the incident information/material is gathered as evidence if needed. The evidence is keept safe only while the case is pending.
• Incidents that can be categorised as major system failures are processed according to the agreed procedure for IT system failure.

• The case is finalised
• Relevant parties are informed

The Information Security Unit gathers information regaring security breaches to ensure learning for recommending further appropiate measures organisational or technical to improve the university's level of security.