Report an Information Security IncidentSub-Title
How to Report an Information Security Incident
<Information Security Incident Form>
Definition of an incident
The definition of an information security incident is a suspected, attempted, successful, or imminent threat of unauthorized access, use, disclosure, breach, modification, or destruction of information; interference with information technology operations; or significant violation of acceptable/technology use policy.
A successful or unsuccessful attempt of:
- Unauthorized access, use, disclosure, modification or destruction of information.
- Intentional interference with the operation of information technology.
- Violation of our security policies including but not limited to our acceptable/technology use policy.
The following are examples of a security incident:
- Suspected or actual breaches, compromises or other unauthorized access to accounts, systems, applications or data
- Compromised user accounts
- Computer system intrusion
- Unauthorized or inappropriate disclosure of information classified as Level 3 Extreme, Level 2 High, or Level 1 Medium
- Ransomware infection
- Unauthorized access to, or use of any applications, accounts or data
- Loss or theft of equipment used to store GAC data
- Denial-of-service attack or any attack that prevents or impairs the authorized use of networks, systems or applications
- Successful spear phishing or social engineering with ill intent or causing financial harm to GAC
- Any interference with the intended use of technology resources