University of California, Riverside

Security Breaches



Incident Response Process


  1. Initial Response

    If a breach of security is suspected on a computing system that contains or has network access to unencrypted protected data, the Data Custodian will immediately:

    • Remove the computing system from the campus network.
    • Conduct a local analysis of the breach to determine the number of individuals whose protected data may have been acquired.
    • Notify the Data Proprietor and the Responsible Administrative Official if there is a reasonable belief that protected data may have been acquired, regardless of the quantity of information that might have been compromised.

  2. Initial Notification of Lead Campus Authority

    If the Data Custodian and Data Proprietor agree that protected data may have been compromised, the Data Proprietor should contact the C&C Network Operations Center at 827-4100 to report that a potential security breach has occurred and to request immediate notification of the Lead Campus Authority. Additional information should be sent via e-mail to security@ucr.edu and the Data Proprietor should quickly contact the appropriate Responsible Administrative Official.

  3. Initial Analysis of Security Breach

    C&C will examine the evidence of a breach with the Data Custodian to assess the possibility that unencrypted protected data has been acquired by an unauthorized source and report their conclusions to the Lead Campus Authority.

  4. UCOP and Campus Notification of Security Breach

    If, after consulting with C&C security staff and the Data Custodian, the Lead Campus Authority is reasonably certain that a security breach has occurred, the Lead Campus Authority will immediately report the breach to the Associate Vice President for Information Resources and Communications at the Office of the President as well as to the UCR Police Department. Notification will also be sent to UCR's Executive Vice Chancellor and Provost, Vice Chancellor of Administration, Locally Designated Official (see below), and the Responsible Administrative Official.

  5. Locally Designated Official (LDO) Notification

    If an improper governmental act is alleged or suspected, as defined in California Government Code Section 8547.2, the Lead Campus Authority will notify the LDO in accordance with Campus Policy Number 650-90 on Reporting and Investigating Allegations of Suspected Improper Governmental Activities.

  6. Recommendation Concerning Notification to Individuals Impacted by the Security Breach

    The Lead Campus Authority will bring together the appropriate Responsible Administrative Official, Audit and Advisory Services, UCR's Director of Financial Controls and Accountability, and the Vice Chancellor of Administration to determine whether the criteria for notification under California Civil Code 1798.29 and 1798.82 have been met and, if notification is required, the means of notification (e.g., e-mail, postal mail, or web site notice, consistent with UCOP Notification Procedures). An incident report and suite of recommendations will be prepared for the Executive Vice Chancellor's review.

  7. Notification to Individuals Impacted by the Security Breach

    An incident report will be submitted to the Executive Vice Chancellor. After obtaining the EVC's approval, the Lead Campus Authority will work with the Data Proprietor to ensure that the notification procedure is executed.
