Reporting Information Security Incidents

It is critical to report IT security incidents, whether actual or suspected, as soon as possible. This will assist the investigation and resolution of the incident.

What is a Security Incident?

An information security incident is:

  • Unauthorized attempts (failed or successful) to access, use, modification, or destruction of a system or it’s data.
  • Loss or disclosure of data sensitive university information.
  • Interference with information technology operation.
  • Unauthorized changes to system firmware, software, hardware without the owner’s knowledge or consent.
  • Violation of explicit or implied University of Regina IS related policy.
  • Vulnerabilities of the information services infrastructure or applications.

Examples of information security incidents include, but are not limited to:

  • Receipt of phishing email messages.
  • Impersonation of a user or account.
  • Unauthorized copying or impersonation of a University website.
  • Defacement of a University website.
  • Posting confidential data to a publicly accessible website.
  • Use of computing resources for unlawful purposes.
  • Inadvertent sharing of restricted data to unauthorized recipients.
  • Installation of unapproved hardware such as wireless access points.
  • Malicious software installations on systems storing university records.
  • Theft or loss of hardware containing sensitive University data.
  • Unauthorized use of a user’s computer account.
  • Sharing or revealing of usernames and passwords.

Reporting an Information Security Incident

Any member of the University of Regina community who becomes aware of or suspects the occurrence of an information security incident should immediately report the incident using one of the following means:

Theft of Computing Equipment

To report a suspected theft of University of Regina related computing equipment, report the incident to the police as well as IT Support: