
The importance of staying vigilant and reporting potential security incidents at UCSF

The link to the quiz is at the end of the article. Take it and you could win one of six of our monthly $50 Amazon Gift Cards!

IT security incidents can originate from anywhere due to the methods used by attackers to steal UC Institutional Information or disrupt IT Resources. It is important to know that roughly 90% of cyberattacks begin with an email phishing attack, which is why there is a focus on the email security aspect of UCSF information protection and on awareness specific to guarding against phishing. However, staying vigilant means awareness in all aspects of technology as we go about our daily work.

To help protect UCSF, our policies require end users and system owners to report any suspicious security events to the appropriate unit as a potential security incident requiring investigation. A security “event” is anything observed or encountered that may be normal or expected, or may deviate from the normal, while a security “incident” is an event that violates policies or potentially threatens UCSF information security or business operations. Reporting suspicious events promptly is important because it enables UCSF IT Security to respond appropriately, contain the event, and minimize its impact (e.g., potential work disruptions or costs).

The UC Learning Center’s course on Cybersecurity Awareness Fundamentals is a good source of information. 

What you need to do

When encountering information that looks suspicious or might be a crime, report it to IT Security.  If it is an email, use the Phish Alarm button to report it. When in doubt, it is always best to err on the side of caution and report. 

UCSF IT Security analytics can quickly determine what type of email it is, in most cases, and get back to you. If it is a real phish, IT Security will block it from harming you and others. If you receive a clean response from Phish Alarm, but you feel this result is incorrect, please open a ticket with our IT Service Desk to initiate a manual review of the message. 

NOTE: Phish Alarm is not available in shared service accounts. If a message appears to be a phish in one of those accounts, please open a ticket with our IT Service Desk.  

For more information on Phish Alarm, please visit the Phish Alarm Service page. 

Reporting Non-phishing IT security issues

UCSF incident response procedures call for documenting, tracking, and resolving all information security incidents. 

In the event of a device breach, computer security incident, or device loss/theft, be prepared to provide detailed information about the event (e.g., date and time of loss, the type of device, and your contact information) to IT Security or UCSF Police.

If you administer UCSF devices, systems, or applications, it is your responsibility to regularly monitor them for threats or unusual behavior. There are many threats to UCSF data and systems, and monitoring your system's performance and data security is crucial to detecting and containing attacks.

If a system is suspected of being compromised or attacked, report it immediately to the UCSF IT Service Desk - Available 24/7 - at: 

Phone: 415-514-4100

Web: http://help.ucsf.edu

Email: [email protected]

All lost or stolen computing devices (including smartphones, tablets, and external drives) must be immediately reported to the UCSF Police at:

Phone: 415-476-1414 

Web: http://police.ucsf.edu

Please take the Incident Response Quiz. Everyone who passes is entered in a drawing for one of six $50 Amazon gift cards.

Additional Information

UCOP Incident Response Standard

DHS See Something - Say Something

CISA Shields Up: Guidance for Families