Reporting of Information Security Incidents
Introduction
This Directive at Concordia University sets a standard for everyone to report any suspicious incidents regarding the security of the university's computer systems. The IT Support Staff will handle these incidents in coordination with the cybersecurity operations team, following Concordia’s Incident Response Plan and Quebec government regulations.
Why is this required? The Chief Information Security Officer issued this Directive under the Information Security Policy (VPS-33). VPS-33 is adopted in accordance with the Directive sur la sécurité de l’information gouvernementale (section 7) which requires public bodies to adopt and implement a policy on the security of information.
What this means for you
All Information Security Incidents must be reported including:
- unauthorized access,
- phishing emails,
- theft,
- system or network intrusions,
- willful damage, and
- fraud.
The university's cybersecurity team will take charge of the incident to ensure a timely and appropriate response, meeting all legal obligations.
Feedback
The Chief Information Security Officer is responsible for implementing, reviewing, and approving this Directive and for conducting regular reviews to ensure compliance with internal and external requirements. If you have any feedback or questions about this Directive, please email ciso@concordia.ca
For accessibility-related questions or feedback related to IT security incidents, email iits-accessibility@concordia.ca.