Incident Response

What is a security incident?

It’s defined as an adverse or malicious event in an university system, on our network, with a technology resource or the threat of the occurrence of such an event. A security incident implies harm or the potential for harm.

Formally, security incidents can be defined as any of the following:

  • Unauthorized access to, disclosure, or manipulation of UofL financial data
  • Unauthorized use of UofL credentials
  • Accidental or intentional data exposure that makes Personally Identifiable Information (as regulated by HIPAA, FERPA, PCI, GLBA, Export Controls, KRS 61.931-934, etc.) or other sensitive data viewable to individuals not authorized to view the data
  • Theft, exfiltration, or loss of university information, or systems, including hardware or storage media, financial data, student records, financial aid information, research data, and employee information
  • Any system’s unavailability because of unauthorized activity
  • Damage to, or tampering with, university systems by an external malicious actor or insider threat
alert-outline

For all cybersecurity incidents, contact secureit@louisville.edu. For data privacy and breach related incidents, contact isopol@louisville.edu.