The purpose of this standard is to establish the university’s obligation to ensure a consistent and effective approach to the management of information security incidents.
This standard is applicable to UNC Charlotte faculty, staff, students and all authorized users granted use of university information resources. Every authorized user of university information resources has a responsibility toward the protection of those resources.
Direct any general questions about this standard to your unit’s Information Security Liaison. If you have specific questions, please contact ITS Information Security Compliance at ISCompliancefirstname.lastname@example.org.
IV. Information Security Incidents
An information security incident is defined as an attempted or successful unauthorized access, use, disclosure, modification or destruction of information; interference with information technology operation; or violation of acceptable use policies. A security incident may include any of the following:
- a breach, attempted breach or other unauthorized access of a university information resource originating from within the university network or an outside entity
- an exposure of sensitive or confidential non-public information
- an intentional disruption or attack impacting university information resources
- a loss or theft of a university information system asset
Information security incidents should be reported through appropriate channels as quickly as possible. Established procedures should ensure a quick and effective response to all reported information security incidents.
UNC Charlotte faculty, staff, students and all authorized users granted use of university information resources must notify ITS immediately of any suspected or real information security incident. If it is unclear as to whether a situation should be considered an information security incident, ITS should be contacted to evaluate the situation.
The UNC Charlotte Guideline for Reporting Information Security Incidents provides additional information regarding the steps to follow to report a potential or real information security incident.
ISO/IEC 27002 was adopted by The University of North Carolina at Charlotte in 2012. All standards and guidelines are based on this code of practice for Information Security Management.
Initially approved by Information Assurance Committee 12/18/14