The President’s executive committee approved the University of Delaware Information Security Events Reporting policy on December 3, 2021.
UD’s Information Security Event Reporting policy addresses a missing element of UD’s security response process. This policy is foundational to UD’s ability to effectively respond to security events and to meet required notification obligations, whether those are contractual or legal. Most of UD’s defined peers have a similar reporting requirement.
Simply put, the policy requires that any member of the University community who has reason to believe that University data may be at risk must notify their designated IT professional or the Security Operations Center of UDIT.
To report a security event to the Security Operations Center, use this form: https://services.udel.edu/TDClient/32/Portal/Requests/TicketRequests/NewForm?ID=iZj6hHX-efI_
Digital cybersecurity threats spread rapidly. Without timely reporting, UD cannot effectively respond to security incidents. (Last year, UD experienced multiple security events that have come to light – unfortunately, much later than they should have.) Timely reporting and notification increases the likelihood of preventing broad or catastrophic impacts as well as allowing for speedier recovery.
The approved policy may be found at: https://sites.udel.edu/generalcounsel/policies/information-security-event-reporting/