Personal tools
You are here: Home Department IT Security Technical Staff Best Practices Lost or Stolen questionnaire
Contact information
rusecure@rutgers.edu
(732) 445-8011

RU Secure Home
 
Document Actions

Lost or Stolen questionnaire

last modified 2008-03-03 12:06

Use this to help you remember as much as possible about your lost/stolen device or media.

Lost/Stolen Electronic Media or Computing Device questionnaire

 

All information you provide will help us to identify the nature of the data exposed. It might also assist in find your computer. While there are many questions on this form, they are intended to help you remember as much as possible about your lost device or media.

 

Once you have completed the form please send it to ‘abuse@rutgers.edu’.

 

1.     General Incident Information

a.     Your name

b.     NetID

c.     Office phone

d.     Cell/pager

e.     What was the date and approximate time the loss occurred?

f.      Give a brief description about what happened (e.g., lost, stolen; where/when last seen and last used)?

g.     Has a Rutgers police (RUPD) report been filed?  If yes, RUPD case number:

h.     If non-Rutgers law enforcement has been engaged, please include name of law enforcement organization, contact information, and a case number.

i.       What is the current status of the computer or media (e.g., has it been recovered)?

j.       Have you requested that RUPD investigate if this computing device has been using the University network since it was lost/stolen?

k.     Has anyone else used it?

 

2.     Computing device information (if not a computing device skip to question #2)

a.     Please identify your computing device: make, model, color, serial #, Rutgers asset tag #, other identifying marks/parts/peripherals

b.     Who owns the computer (Rutgers, personal or some other organization)?

c.     Do you have any record of the physical hardware addresses associated with the device?

d.     Do you know any recent IP addresses, hostnames or computer names that are registered or known to be recently associated with the device (e.g., 128.6.x.x or 165.230.x.x)?

e.     Is the computer enrolled in the Cyber Angle or other similar program?  If so, what is the unique ID? Have they been contacted?

f.      Was there any additional devices and/r media with it?

g.     Is the device capable of receiving e-mail?

h.      

 

3.     Data classification:

a.     Was this computing device used to create, access or receive ePHI - electronic Protected Health Information (see)? If ‘no’ skip to section #3b.

                                          i.     Give a brief description of the PHI including 1) whether the data is primary source and if so, 2) whether it is used for treatment, research and/or teaching?

                                         ii.     What is the scale/scope of the data (e.g., large database, multiple spreadsheets, word documents, email correspondence)?

                                       iii.     Are there passwords that could be used to access Rutgers or non-Rutgers systems with ePHI?

                                       iv.     Is any of the data from non-Rutgers entities?

 

b.     Was this computing device used to create, access or receive personally identifying, restricted or other protected information (examples include associated Social Security numbers, grades, names, birth dates, addresses, electronic Financial Information or other information protected by Family Education Rights & Privacy Act-FERPA or other confidential data? If ‘no’ skip to question #4.

                                          i.     Please describe the nature of the data.

                                         ii.     What is the scale/scope of the data (e.g., large database, multiple spreadsheets, word documents, email correspondence)?

                                       iii.     Are there passwords that could be used to access Rutgers or non-Rutgers systems with personally identifying, confidential or other protected information?

c.     Have you notified the Information Protection and Security division of OIT? If Yes, with whom did you talk?

 

4.     Data security

a.     If you answered yes to either 3a or 3b, is the data backed up?

                                          i.     Is data centrally backed up by OIT?  By your department? By yourself?

                                         ii.     If you are not using central backup, what backup method was used (e.g., CD, USB or tape drive)?

b.     Can we get access to the backups?   How? Is there an IT support provider?

c.     Are the disk and/or the data encrypted? How (e.g., PGP)?

d.     If known, what are the directories and/or files where data containing sensitive or restricted data are potentially located on the computer?

e.     Describe your most sensitive email and data file.

 

5.     Notification

a.     Have you contacted Rutgers's Office of General Counsel? Who was your contact?

b.     Have you notified your Business Manager? or Manager/Supervisor?

                                          i.     Your Department Business Manager’s Name:

                                         ii.     Your Manager/Supervisor Name:

c.     If your own personal/confidential data was lost/stolen, have you reviewed identity theft /fraud implications?  (http://rusecure.Rutgers.edu/) We recommend taking timely action to protect your identity.

d.     Have you entered the data for and searched the National Stolen Computer Registry (http://www.stolencomputers.org/home.html) for your computer’s serial number?

 

[Revised 19 Nov 2007]
Powered by Plone CMS, the Open Source Content Management System

This site conforms to the following standards: