HSU has established best practice procedures that must be followed whenever a computer connected to a University network is suspected of having been compromised by a virus or other threat. This procedure is a requirement under our data protection compliance mandate, so it is particularly important to determine whether Level 1 protected data is stored on the affected system.
Systems unlikely to contain Level 1 protected data do not require preemptive forensics work by the Campus Information Security Office, which involves the removal of the physical machine to a separate facility for detailed investigation. However, if the presence of Level 1 data is identified at any point during the investigation, all work by campus IT staff, and by anyone else who is not a member of the Campus Incident Response Team (CIRT) technical team designated by the Information Security Office, should stop immediately.
Do not unplug, turn off, disconnect, or otherwise touch the computer in any way UNLESS you strongly suspect that Level 1 protected data is in the process of being removed from the system as a result of the compromise and that your actions would prevent this.
Do not take any steps to examine the machine until you have determined to the best of your ability that Level 1 information is not present on the system.
Start by asking the user or their supervisor if it is likely that Level 1 information is present on the machine.
If you have questions at any stage of this process, please stop and contact Information Security. Dealing with security compromises requires that specific procedures be followed in order to establish an audit trail. It is not an opportunity to experiment.