Steps to follow

Report anything that causes concern

Immediately contact the UCSF Service Desk to report an information security problem or a possible or potential information security problem.

Phone: 415-514-4100​​​​​

Email: [email protected]

Web: http://help.ucsf.edu

Timely reporting will allow us to limit any further damage or loss of data and determine if further investigation is necessary. Be ready to provide your contact information and other specifics, such as the date and time of the incident and the type(s) of device(s) involved.

Also report any specific information you believe indicates that a computer security incident occurred or that a device was breached, lost or stolen.

Please have any and all details ready such as (when, what, how, what happened right before, what happened right after, etc). The more details that are available at time of report, the better the incident can be investigated.

Common Security Incidents

The below list some common security incidents that occur and how to handle them:

Reporting a lost or stolen computing device

All lost or stolen computing devices must be immediately reported to the UCSF Police Department at 415-476-1414 or http://police.ucsf.edu.

Phishing Email Message

All UCSF users have access to Phish Alarm to report suspicious or malicious email that they receive. Phish Alarm is available on most versions of Outlook, Outlook Web Access, and Outlook Mobile. For more information on how to report a phishing email with Phish Alarm, please see the Phish Alarm page.

Malicious Popup or Application

If your experience a malicious popup on your computer or a malicious program has been run, please disconnect your system from any UCSF network as soon as possible (by unplugging any network cable, disconnecting wifi, or disconnecting VPN). Please note any and all details (what did the popup look like, what did the malicious application do, what you were doing right before, what happened right after, etc). Then call the IT Service Desk to open a ticket so that a security analyst can be assigned to review. The most important thing is to not interact with the malicious program or popup as this could lead to further risk.

Phishing Text Message

Sometimes you will get a malicious text message on your UCSF phone. Please ensure that you do not interact with the message as many times the message asks for you to visit a link, install an app, or reply in some fashion. By ignoring these malicious texts and not interacting with them, you will usually mitigate any risk associated with them. If you did interact with the message, then please call the IT Service Desk to create a ticket for a security analyst to review.

Incident information guidelines

Effective incident response is essential in mitigating damage and loss from an information security incident. Proper handling minimizes disruption to workflow and ensures compliance with federal, state and University laws, rules, regulations and policies.

This document satisfies the requirement in BFB IS-3, Information Security for Incident Response Procedures.

An outline of the requirements for information security incident investigations at UCSF is in Addendum C of policy 650 -16. Also see UCSF's Incident Investigation Procedures, an attachment to Addendum C.