How to report a security breach that does not involve personal data

Security breaches are reported to the local IT support team or to AU’s information security unit, but the incident will be set up and processed as a case in Cherwell (AU’s IT service management system).

• The incident is set up as a case in Cherwell following AU's incident procedure

Phising incidents are reported via the ‘report message’ (Rapportér meddelelse) button in Outlook, here is how you rapport phishing-mail.

The assigned unit is responsible for the incident. If the incident is assigned to a different unit according to type, content and solution of the incident, then the resposibility goes with. 

• The incident is described in as much detail as possible, for example indicating whether it is a case of stolen equipment, leaked data (data classification), etc. 
• The incident is assessed with regard to level of severity and criticality
• The incident is assigned to the relevant unit (It-support, Information Security Unit, others), who is responsible for:
  • to include relevant professionals
  • to secure continuity plans (if needed) according to the system owner/management
  • to communicate to relevant stakeholders (users, internal/eksternal, including authorities) 
• Depending on the above, the information security unit assesses whether to escalate the case internally through the appropriate communication channels (to the head of information security or the management team)
• Depending on the matter of the incident information/material is gathered as evidence if needed. The evidence is keept safe only while the case is pending.
• Incidents that can be categorised as major system failures are processed according to the agreed procedure for IT system failure.

• The case is finalised
• Relevant parties are informed

The Information Security Unit gathers information regaring security breaches to ensure learning for recommending further appropiate measures organisational or technical to improve the university's level of security.