Reporting Information Security Events and Exposure of Confidential Information
An information security Event is:
- an observed or reported change in the normal functioning of Harvard’s information systems;
- an observed or reported possible threat to the security, confidentiality, integrity or availability of confidential or otherwise protected or sensitive information; or
- a potential violation of Harvard’s Information Security Policy or Research Data Security Policy.
An Event could include loss of access to data as a result of system unavailability.
In the case of an information security Event involving any Confidential Information, that is, any information classified or treated as data under Levels 2 – 5 of the Harvard Data Classification table, report the Event immediately by following these steps:
- Notify the University Chief Information Security Officer Christian Hamer
- Notify the CIO and Security Officer of the relevant School according to local contact information.
- After consulting with information security to understand the risk, contact the Office of General Counsel, at Ranna_Farzan@harvard.edu. OGC main number is 617-495-1280.
In case of any other information security Event (including any other violations of information security policies), notify the Security Officer of the relevant School according to local contact information.
Upon discovery of an information security Event involving credit card information, the user is additionally required to immediately contact Harvard Cash Management (Stephanie Motta 617-496-6130).
If you are uncertain whom to contact, notify Harvard University Information Security via the University Help Desk at firstname.lastname@example.org.
Revised: September 3, 2019