Columbia Campus IT SecurityUMKC IT SecurityRolla Campus IT SecuritySt. Louis Campus IT Security

Human Resource Security

Mandatory Reporting Requirement

Purpose

In order to ensure a proper and coordinated response and to take advantage of all possible opportunities for improving the University's information security environment, it is imperative that all actual or suspected information security incidents and/or weaknesses be reported.

Definitions

Incident: An information security incident is inappropriate or unauthorized access, or attempted access, to any type of information system or to any area where confidential information or electronic media are held.

Weakness: An information security weakness is a condition or circumstance that poses a reasonably apparent risk of unauthorized access to confidential information, unauthorized access to University computers or networks, damage to or interference with University computers or networks, or loss of information.

Requirement

All information security incidents and suspected incidents must be immediately reported to the appropriate central information security office at your campus or business entity. Additionally, all information security weaknesses must be immediately reported to your departmental IT office or central IT office. All University faculty, staff and student employees must comply with this requirement. Failure to report information security incidents, suspected incidents or known weaknesses may result in disciplinary action. All University faculty, staff and student employees are strongly encouraged to report any other conditions or circumstances that, if addressed, would improve the overall security environment.

Examples

Information security incidents and weaknesses may include but are not limited to:

*It is recommended that all physical thefts be reported to your campus or local police department before reporting the incident to the campus IT security office. Physical thefts of computers or related materials should be reported to both the police and to IT security to ensure that both departments receive the information.

Approved July 7, 2008