Security Incident Reporting

IT security violations should be reported to the Security Team via the security incident notification form.

Currently, incidents are reported to various groups at Emory. Some incidents are reported via email to abuse@emory.edu, directly to the Emory Web Page Technical Contacts (Peter Day, AAIT or Paul Petersen, Netcom), to the IT HelpDesk via phone or via the IT HelpDesk request form, or directly to members of the IT community. These security reports are forwarded to the Security Team since we are the central point of contact for computer security incidents.

Security events include, but are not limited to:

  • hacks and attempted hacks
  • theft of data
  • viruses/worms
  • spam
  • port scanning
  • copyright infringements (machines that are serving/distributing copyrighted material)

Security is responsible for receiving the notification of a suspected computer security violation, logging incidents, initiating trouble requests, coordinating response efforts for resolution and communicating incidents. Security is responsible for providing resources during investigations by local and federal law enforcement agencies. In some circumstances, Security investigates and remediates. The Security Team is responsible for reviewing and investigating computer security incidents and coordinating the incident response with the General Counsel's office (when necessary), Netcom, IT HelpDesk, Academic Technologies (ATG), Housing, local support and system administrators.

If you are aware of a computer security breach, we ask that you report the information via email to SecurityTeam-L@listserv.emory.edu. Each month the Security Team provides a summary report of computer incidents to management including, but not limited to, the AAIT Vice Provost/CIO, General Counsel's office, Netcom, AAIT ATG, and AAIT Technical Services. In the event of a serious security problem, the General Counsel's office will be notified immediately and in some cases law enforcement is also notified.

Security Incident Response Process

For all security incidents, the Security Team will perform the following steps:

  • Verify that the report is not a duplicate by reviewing the Security Incident Log
  • Open an IT HelpDesk request which will include at least a portion of the original complaint and/or logs
  • Instruct Netcom to disable the port and note the physical location (building, room number, slot/port, and MAC address)
  • Netcom will post the disabled ports with the MAC address information on the support webpage
  • Typically the individual whose port has been disabled will call their local support person or the IT HelpDesk (404-727-7777).
  • The IT HelpDesk will check the disabled port page and match the individual to the ticket and assist with resolving the security issue.
  • Once the issue has been resolved (in some cases a complete reinstall of the operating system, installing anti-virus programs and/or updates, loading system patches and upgrades, etc.), the local support person will notify the IT HelpDesk, Security and/or Netcom to have the port re-enabled.
  • Netcom will re-enable the port.
  • The IT HelpDesk request will be closed.