Compromised Systems Procedure

Description

If the security of one computer on an HSU network is compromised, the integrity of every piece of information stored on that network is at risk.

Deliberately hacking into a computer is not a joke or a prank. It is a felony and as such is regarded extremely seriously by HSU, the CSU system, and law enforcement. California law requires that the trail of evidence be preserved as far as is practicable and that HSU take additional action where the security of personally-identifiable or other confidential information has been compromised.

Instances of potentially-compromised systems must always be referred to the Campus Information Security Officer at (707) 826-3815 or the University Police Department at (707) 826-5555 for implementation of HSU's Compromised Host Procedure.


Additional Information

Only qualified IT staff are permitted to handle machines suspected of being compromised.



Accessing This Service

Do not attempt to access any of the information security tools referenced on this page without the assistance of qualified IT staff and/or the Campus Information Security Officer.


Using This Service

If you suspect that a machine for which you are responsible has been hacked, contact your ITC or the Technology Help Desk immediately.

If you are 100% sure that no protected information is stored on the affected machine, do the following:

  1. Turn off the machine and disconnect it from the network. Do not back up or copy any files on the system or make any attempt to use the machine or mitigate the attack. Turn it off and disconnect it.
  2. Contact your ITC and/or the Technology Help Desk AND the Campus Information Security Officer (x3815) immediately if you suspect a machine for which you are responsible is the subject of an intrusion attempt. If the ISO is not available, report that you are calling because of an information security incident, and your call will be routed to someone who can address the issue immediately. Arrangements will first be made for ITS and UPD staff to inspect the machine. Make absolutely no use of a compromised machine without the approval of the ISO.
  3. Make no public statements about the incident. All questions must be referred to the ISO during any investigation. After the investigation, specific referral directions will be issued by the ISO.

If the presence of Level 1 data is identified at any point during the investigation, all work by campus IT Support, and by anyone who is not a member of the Campus Incident Response Team (CIRT) technical team designated by the Information Security Office, must stop immediately.


Location

The Information Security Office is located in Van Matre Hall 201, phone (707) 826-3815.


Policies

Please refer to HSU/CSU information security policies for their coverage of compromised systems.

