U4, Reporting Cybersecurity Incidents

Information Security Standard

1. Introduction

  • 1.1 Compromises in security can potentially occur at every level of computing, from an individual's desktop computer to the largest and best-protected systems on campus. Incidents can be accidental events or deliberate attempts to break into systems; their purpose or consequence can range from benign to malicious. Regardless, each incident requires a careful response, at a level commensurate with its potential to cause harm to an individual and the University as a whole, as defined in the UBC Cybersecurity Incident Response Plan.
  • 1.2 This document defines standards for Users to report any suspicious incidents relating to the security of UBC Electronic Information and Systems. University IT Support Staff (including both departmental IT and UBC IT staff) are responsible for handling security incidents in coordination with UBC Cybersecurity.
  • 1.3 The Chief Information Officer has issued this standard under the authority of Policy SC14, Acceptable Use and Security of UBC Electronic Information and Systems. Questions about this standard may be referred to information.security@ubc.ca.

2. Incidents That Must be Reported

  • 2.1 Users must report the following Cybersecurity Incidents (if there is uncertainty whether a violation has occurred, Users must err on the side of caution and report the incident anyway):
    • 2.1.1 all violations of Policy SC14, Acceptable Use and Security of UBC Electronic Information and Systems; examples include but are not limited to:
      • 2.1.1.1 use of UBC computing facilities to commit illegal acts;
      • 2.1.1.2 unsolicited or spam email originating from UBC sources;
      • 2.1.1.3 unauthorized access, use, alteration, or destruction of UBC Electronic Information or UBC Systems, including but not limited to: software, computing equipment, Merchant Systems, network equipment, and services;
      • 2.1.1.4 theft of any UBC Electronic Information whether it be via electronic means or physical theft of any Device containing this information; and
      • 2.1.1.5 loss or theft of any Multi-Factor Authentication Device (MFA Device).
    • 2.1.2 unauthorized wireless access points discovered in either merchant areas or areas accessing, transmitting, or storing UBC Electronic Information; and
    • 2.1.3 use of Malicious Code, which may show up as unexplained behavior on desktops, laptops, or servers such as webpages opening by themselves, new files or folders appearing on the local hard drive, and lockouts of user accounts.

3. How to Report Incidents

  • 3.1 Users must immediately report all suspected Cybersecurity Incidents as follows:
    • 3.1.1 to security@ubc.ca or via phone to the IT Service Centre at 604-822-6141. UBC Cybersecurity will:
      • 3.1.1.1 coordinate the incident as required in accordance with the UBC Cybersecurity Incident Response Plan; and
      • 3.1.1.2 assess whether to engage UBC’s contracted third-party digital forensics and incident response (DFIR) services. The affected department or faculty will be responsible for any costs associated with the incident.
    • 3.1.2 to their supervisor and University IT Support Staff who are assigned to their unit; and
    • 3.1.3 where the incident also involves physical security issues on a UBC campus, to Campus Security.
  • 3.2 Where the incident involves loss or theft of a Device containing UBC Electronic Information, Users must provide a written confirmation of the Encryption status and method (e.g., encrypted with BitLocker) at the time of loss or theft. University IT Support Staff may be able to assist in providing this information.
  • 3.3 It is essential to report incidents immediately, as time is of the essence when dealing with information security breaches and other potentially damaging incidents arising from Malicious Code.
  • 3.4 In incidents where a system is compromised and threat actors are interacting directly with the system (not an automated attack but a “hands on keyboard” attack), UBC Cybersecurity will isolate the system on the network to reduce damages, while making every effort to contact the Technical Owner and Information Stewards/Owners.

Related Documents and Resources

UBC Cybersecurity Incident Response Plan (with CWL credentials)

Policy SC14, Acceptable Use and Security of UBC Electronic Information and Systems

Securing and Preserving Electronic Evidence guideline

Standard Last Revised: 2025-03

Page last updated on January 26, 2026

