Report Security-Related Issues or Incidents
Notify InfoSec at firstname.lastname@example.org or 808-956-2400 if any of the following may have occurred:
- A UH webserver is defaced.
- A UH server appears to be compromised.
- Sensitive information (e.g. student records, Social Security numbers, etc.) may be lost, stolen, exposed, or accessed by unauthorized personnel.
- A computer, laptop, mobile device, portable storage, etc. possibly containing sensitive information is lost or stolen.
- Paper documents containing sensitive information are lost, stolen, exposed, or accessed by unauthorized personnel.
- Any suspicious activity related to UH resources (e.g. network, servers, copiers, paper recycle bins, etc.).
Incident Handling Procedures
If a security-related issue or incident is detected, report it immediately to email@example.com, then do the following:
- Isolate the Device - Disconnect the device from the network by unplugging the network cable, disabling WiFi, or suspending the virtual machine. Do not restart or turn off the device.
- Clone the Device - Use a program like FTK Imager Lite to capture the RAM and clone the server's hard drive. If it is a virtual machine, take a snapshot.
- Inspect the Device
  - Inspect open network connections
  - Inspect running processes, services, and daemons
  - Inspect startup folder and autorun-related registry keys
  - Inspect scheduled tasks and cron jobs
  - Inspect logs (e.g. system, event, webserver, ssh)
  - Inspect temp and cache files and folders
  - Search for suspicious, hidden, and large files, programs, and scripts
  - Perform a scan using a different AV scanner
  - Perform a scan using a rootkit detector
  - Physically inspect all external ports and attached devices
- Determine the Risk - Determine if sensitive information (e.g. student records, Social Security numbers, etc.) was stored on the device or stored in a repository/database that the device had access to.
- Determine the Scope - If possible, determine if other devices are affected and if so, isolate those devices.
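The "Inspect the Device" checks above can be gathered in one read-only pass once the device is isolated and imaged. The script below is an added example, not UH InfoSec's own tooling. It assumes a Linux host and an output directory on external media; the function names, output file names, and the 100 MiB "large file" threshold are choices made for this example.

```shell
#!/bin/sh
# Added example: read-only live triage for an isolated, already-imaged Linux host.
# Assumption: OUT is a directory on external media, not the suspect disk.

# Run one collection step; keep stdout+stderr and never abort the whole run.
step() {
    name=$1; shift
    "$@" >"$OUT/$name.txt" 2>&1 || echo "[exit status $?]" >>"$OUT/$name.txt"
}

# List hidden files and files larger than MIN_KIB under the given directories.
suspect_files() {
    min_kib=$1; shift
    find "$@" -xdev -type f \( -name '.*' -o -size "+${min_kib}k" \) 2>/dev/null
    return 0
}

# collect_triage OUT [DIR...]: the DIRs are searched for hidden and large files.
collect_triage() {
    OUT=$1; shift
    [ "$#" -gt 0 ] || set -- /tmp /var/tmp /dev/shm /home /root /var/www
    mkdir -p "$OUT" || return 1
    step 00_collected_at  date -u
    step 01_network       sh -c 'ss -tunap || netstat -tunap'
    step 02_processes     ps -eo pid,ppid,user,lstart,args
    step 03_services      systemctl list-units --type=service --all --no-pager
    step 04_autostart     ls -la /etc/init.d /etc/systemd/system /etc/xdg/autostart
    step 05_cron          sh -c 'cat /etc/crontab; ls -la /etc/cron.* /var/spool/cron; crontab -l'
    step 06_logs          sh -c 'last -n 50; tail -n 200 /var/log/auth.log /var/log/secure'
    step 07_temp          ls -laR /tmp /var/tmp /dev/shm
    step 08_suspect_files suspect_files 102400 "$@"
    # Hash every output file so later changes to the evidence are detectable.
    ( cd "$OUT" && sha256sum -- *.txt >MANIFEST.sha256 )
}

# Collect only when an output directory is given, e.g.: sh triage.sh /mnt/evidence/host1
if [ "$#" -gt 0 ]; then
    collect_triage "$@"
fi
```

Run it as root so that process owners and other users' crontabs are visible. The AV scan, the rootkit scan, and the physical port inspection from the checklist are not covered by this script.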
Breach Notification Procedures
If a breach involving sensitive information is confirmed, affected individuals will need to be notified. Hawaii State law requires that the breach notification letter contain specific, required elements as described in this Data Breach Notification Letter Template.