Reporting of IT security incidents

• When does an IT security incident occur?

  An IT security incident occurs when the information security (confidentiality, availability and/or integrity) of data, information, business processes, services, systems and applications is compromised.

• Examples of IT security incidents

  An IT security incident occurs when unusual or suspicious events occur in the handling of IT systems. Typical signs are

  • Unexpected error messages or unusual system behaviour
  • Sudden loss of data or access
  • Suspicion of malware (e.g. unusual pop-ups, programmes starting on a self-employed basis)
  • Unknown programmes or files on the system
  • Unusual emails (e.g. phishing attempts or suspicious attachments)
  • Unauthorised access to user accounts or systems
  • Suspicion of data leakage or manipulation of data
  • Loss or theft of devices (laptop, smartphone, USB stick)

  If in doubt, it is better to report too much than too little about a possible incident - it is perfectly acceptable if a suspicion subsequently turns out to be unfounded.

• Procedure in the event of an IT security incident

  In the event of an IT security incident, it is crucial to remain calm and take a structured approach. Don't panic - a level-headed approach helps to limit damage. Follow the instructions on the IT emergency cardExternal link and follow them consistently.

  Stop working on the affected system immediately and disconnect the device from the network (e.g. unplug the network cable or deactivate WLAN) without switching it off. This will preserve important traces. Document all anomalies as precisely as possible and, if possible, take screenshots.

  Do not take any further action on your own, but wait for specific instructions. Inform the IT service centre or the information security officer immediately so that the incident can be dealt with professionally.