Smith College Admission Academics Student Life About Smith news Offices
  Home > Offices > Information Technology Services > TARA > Security > Reporting a Security Breach  
   Reset Password     Smith Directory    Smith Portal   Server Status  Smith Software
 
       
 


Categories
Welcome
Getting Started
25Live Scheduling
Account Forms
Admin Systems*
BannerWeb
Cloud Storage
File Transfer
Google Apps
   Smith Mail
   Contacts
   Calendar
Internet Browsers
Macintosh
   Connecting
   Backup & Restore
   Upgrading
   Related Apps
   Other Info
Microsoft Office
   Excel
   PowerPoint
   Word
Microsoft Windows
Mobile Devices
Moodle
Passwords
Printing
Security  
Smith Network
Smith ResNet
Standard Software
Telephones
Terminal Emulators
Training
Unix
Viruses & Spyware
Web Development

*Smith login required

  

PROCEDURE FOR REPORTING A SUSPECTED SECURITY BREACH


What is a Reportable Incident

A reportable incident occurs when:

  • An unauthorized person is believed to have gained the ability to access personal, confidential, or sensitive information that is stored on a college data system, or

  • A person who is authorized to access personal, confidential, or sensitive data that is stored on a college data system misuses that data.  

The unauthorized person may gain access through a lost or stolen computer, unauthorized use of a legitimate username and password, or hacking into a college system or network.

Confidential and Proprietary Data

Personal, confidential, and sensitive information are terms defined in the Employee Security Policy.

Personal Information is defined by Massachusetts General Law 93H as a person’s first name and last name or first initial and last name in combination with any one of the following:

  • Social security number
  • Driver’s license number
  • State-issued identification card number
  • Financial account number
  • Credit card number or debit card number

Back to top>

How to Report

Any school employee who discovers or is notified of a suspected security breach will immediately report it to their supervisor.  Department officials are responsible for reporting a suspected security breach as follows:

  1. If the suspected security breach is the result of the theft of a computer or storage device:

    • Report the theft to Smith College Public Safety (ext. 2490).

    • If the theft occurred off campus, report the theft to local law enforcement.

    • Report the theft to the ITS User Support Center (ext. 4487 or 4its@smith.edu).

    • After business hours, the ITS Director on Call can be notified through Public Safety if the situation is time sensitive. 

  2. If the suspected security breach is the result of the loss of a computer or storage device:

    • Report the theft to the ITS User Support Center (ext. 4487 or 4its@smith.edu).

    • After business hours, the ITS Director on Call can be notified by contacting Public Safety if the situation is time sensitive.

  3. If the suspected security breach is the result of unauthorized access of or misuse of personal, confidential, or sensitive information:

    • Report the suspected security breach to the ITS User Support Center (ext. 4487 or 4its@smith.edu).

    • After business hours, the ITS Director on Call can be notified by contacting Public Safety if the situation is time sensitive. 

  4. If the suspected security breach is the discovery of a system or network breach by ITS technical support staff:

    • Immediately report the intrusion to the Director of Systems and Network Services (Ben Marsden).

    • The Director of Systems and Network Services, acting as the Security Incident Coordinator, will follow the guidelines articulated in the Smith College Data Security Incident Response Plan. This will continue until the security and technical aspects of the situation are resolved.

Reporting Responsibilities

 When Public Safety is notified of the theft of a computer or storage device they will:

  • Follow their normal procedures regarding theft of college property;

  • Report the theft to law enforcement as required and act as liaison with any law enforcement agency involved;

  • Report the theft to the ITS User Support Center;

  • After business hours, report the theft to the ITS Director on Call if the situation is time sensitive.

When the ITS User Support Center or the ITS Director on Call is notified of any suspected security breach they will:

  • Follow their normal procedures for documenting the report;

  • Notify the Director of Systems and Network Services;

  • Notify the Vice President for Information Technology.

Once notified of a suspected security breach, the Vice President for Information Technology and the Director of Systems and Network Services will follow the guidelines articulated in the Smith College Data Security Incident Response Plan.

Back to top>


For More Information...

If you have any questions about reporting a suspected security breach, please call the User Support Center at x4487 or send email to 4its@smith.edu.

Back to top>



  

 


Copyright © 2013 Smith College Information Technology Services  |  Stoddard Hall 11  |  Northampton, MA 01063
413.585.4487  |  Questions or comments?  Send us email  |  Last updated January 10, 2013
DirectoryCalendarCampus MapVirtual TourContact UsSite A-Z