[Doc 24143 content is unavailable at this time.]

• Service Description
• Support Conditions
• Creating WiscIT Incidents
• HDQA Notes

Service Description

The UW-Madison Information Incident Reporting Policy requires the reporting of an incident where there is a reasonable belief that unauthorized persons may have accessed sensitive information held by the UW-Madison, such as Social Security numbers, personal health information, and student data.

Agents are NOT expected to validate breach incidents.

For details, see Help Desk - Security Breaches.

Support Conditions

• Service Users: UW Madison Faculty, Staff and Students
• Availability: N/A
• Server Information: N/A
• Unique Support Conditions: Per UW Madison campus policy, anyone reporting the loss of University Sensitive data will call the DoIT Help Desk. Help Desk Agents will gather required call information to forward to HDQA.

Creating WiscIT Incidents

Select an appropriate service, category and subcategory from the options below.

• Incident Response and Investigations

• BadgIRT
• Submit Incident

Required call information (other than the usual problem symptom, troubleshooting and contact info, etc):

Type 1: Physical - includes incidents such as the loss of a laptop, theft of computer equipment, etc.

Customer name: Customer's preferred method of contact (e.g. email, cell or after work house contact number): Date of possible loss/theft: Location of possible loss/theft: The type and volume of sensitive information at risk or possibly lost (if caller has sensitive information on the device treat as logical breach): Whether or not encryption was in use to protect the sensitive information: Law enforcement whom the customer has reported the loss or theft (e.g. UW police, Madison police or another police unit). The police is the primary contact for physical theft:

• If the device is a UW device, ask caller to contact UW Police at (608) 264-COPS or (608) 264-2677,  as well as their local police unit.
• If customer has a police number or case, include that in the call.
• If the customer has not reported the loss/theft, advise him/her to report it:

Type 2: Logical - includes incidents such as sensitive information accidentally released on Google, an attacker gaining unauthorized access to a server or application processing/storing sensitive information, etc.

Customer name: Customer's preferred method of contact (e.g. email, cell or after work house contact number): Date and time of possible breach: How possible breach was discovered (e.g. URL, Google, etc.): The type and volume of sensitive information at risk or possibly lost: Other University staff to whom the customer has reported the incident (e.g. local department IT staff, department director/chair, etc.): For DoIT supported services, gather relevant handling information detailed in that service specific handling document (e.g. Learn@UW, MyUW, NetID, etc.):

HDQA Procedure for Handling a Confirmed Security Breach

Business Hours Procedure:

1. Determine the type of security breach (Type 1 or Type 2) from the descriptions above.

2. Gather the relevant handling information for the type of security breach, entering the information in a Journal Note and NOT in the Description field (This is so the details of the security breach are kept internal).

3. Please use the following flowchart to complete the handling procedure:

   

After-Hours Procedure:

It is standard protocol that OCIS contact the Help Desk in the event of a security breach after normal business hours (as opposed to a customer contacting us during normal business hours).

Thus, after-hours handling of a security breach should be handled in the same manner as normal business hours handling. Please refer to the procedure listed above for handling.