Information Protection and Security

The intent of this document is to describe the procedures to support the identity theft compliance policies, provide reporting guidelines and guidance to departments. The CIRT works with departments to help in the data gathering process.

CONFIDENTIAL DRAFT

Dear ------- :
We have discovered a security breach to a database maintained by the university that contains personal information.
We have no indication that any of your information has been misused. Nevertheless, we wanted to inform you about steps that you can take to protect your personal information. We also wanted to make you fully aware of the steps the university is taking.

Notes on data breach handling.
 

Webpage defacement occurs when a web page is changed without authorization and generally includes visual damage to the website.

Computing resources are sometimes misused for harassment and stalking. These behaviors may spread beyond cyberspace into "real life" and can be seriously disruptive for the victim. Law enforcement also deals with cases of online fraud and child pornography. Points of contact for filing reports follow.
 

This is yet another form of malware.
 To remedy, follow the malware recommendations.
 

This is a form of malware as well, named in honor of the Trojan horse.  As in the original incident, the program masquerades as harmless or even beneficial, and turns out to be malicious.
 
Follow the recommendations for handling malware.

A form of malware used to steal information.

Spam is unsolicited email, usually commercial in nature and offering products or dubious "deals".