ITS Cybersecurity Incident Response Procedure
May 25, 2022


Dear Colleagues,

Being able to recognize and report both actual and suspected cybersecurity incidents helps limit the damage, time, and costs associated with recovery. Furthermore, incident reporting helps the District enforce and strengthen security policies, procedures, and contingency plans as well as maintain regulatory compliance.

What is an Information Cybersecurity Incident?

A cybersecurity incident is an occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies (NIST).


  • Unauthorized access or changes to, or use or destruction of systems, software, or data
  • Unauthorized disclosure of data
  • Interference or subversion of systems
  • Loss or theft of equipment or systems storing institutional data
  • Compromised user accounts
  • Denial of service attacks
  • Ransomware
  • Violation of a security policy whereby any of the above may occur

What To Do if You Suspect a Phishing Attempt

If you think you may have received a phishing email, please follow the reporting procedure at

What To Do if You Suspect Your Computer Is Infected

  1. Stop using the device immediately.
  2. Do not power down the device. The device may contain important information for a forensics team.
  3. Unplug the device from the network or disconnect it from Wi-Fi.  Infected systems are often used to infect others on the same network.
  4. Follow the How to Report an Incident section below.

How to Report a Cybersecurity Incident

In order to effectively diagnose and mitigate a cybersecurity incident, ITS needs as much information as possible.

What to Include in the Incident Report

  • Your name
  • Email address
  • Department
  • Telephone number
  • Description of the information security problem
  • Date and time the problem was first noticed (if possible)
  • Any other known resources affected

Where to Report the Incident

After you have gathered the necessary information listed above, please report the incident to either:


If you have any questions regarding this or any other previous advisory, please feel free to email the Office of Information Security.