Security Incident Reporting
What is an information security incident?
An information security incident can be defined as any violation, or imminent threat of violation, of computer systems or other information technology resources or data that pose a threat to the whole or part of the Emory enterprise. Examples include but are not limited to:
- Data loss, theft, or misuse
- Unauthorized changes to hardware, software, firmware, or data
- Unauthorized changes, exposure, or deletion of information assets
- Activities that violate Emory’s Information Technology Conditions of Use policy
- Degradation of services due to intentional action
Examples can include, but are not limited to:
- Lost or stolen devices (phones, tablets, computers, etc.)
- Presence of malware (viruses, spyware) or other unauthorized/unexpected programs
- Intentional or unintentional posting of restricted or confidential data in a publicly accessible place
- Inadvertent disclosure of restricted data to a third party
Reporting Security Incidents
If you feel that you have a security incident to report, please use the contact information below, contact your local support representative, or contact the University (404-727-7777) or Healthcare (404-778-4357) service desks.
Reporting Stolen Devices
See the following knowledge article: KB06396
Reporting Spam and Phishing
If you believe you have received a spam or phishing message, you may report it to both abuse@emory.edu and junk@office365.microsoft.com. It is best to send these messages as attachments, rather than just forwarding them. In most mail clients you can do this by composing a new message, and dragging the message that you want to attach into the body of the new message.