Reporting current threats
Examples of threats that could potentially lead to an incident, but have not yet resulted in one, include:
- unencrypted transmission of passwords
- distributing emails with malicious attachments
- software vulnerabilities or weak points in IT systems, e.g. inadequately secured remote maintenance access
- disregarding security requirements when planning processing activities
- suspiciously high network data traffic
- unlocked offices
- using the same password for two or more account or system logins
- using a laptop on business trips without effective hard drive / data encryption
The decision with whom to share your observations depends on the individual situation. First and foremost, relevant information must be immediately reported to the person who is responsible for any potentially affected processes, data, IT systems, IT applications etc., as they are expected to take the appropriate measures to maintain IT operations and ensure information security. If the scenario carries a high risk, i.e. a high probability of occurrence and/or an expectation of a considerable amount of damage should an incident resulting in damaging effects occur, it may be necessary to also inform the Data Protection Officer and/or the Information Security Officer.
If you are not able to determine who the responsible person is in regard to your individual situation, you should report your observation to the Data Protection Officer (datenschutzbeauftragter@uni-konstanz.de), KIM Support (support@uni-konstanz.de) or the Information Security Officer (informationssicherheitsbeauftragter@uni-konstanz.de).
In any case, make sure to provide specific information about what you observed and, if applicable, on the object(s) concerned (IP address, computer name in the DNS, IT service job title, room, device, etc.).