Cybersecurity Awareness Month 2025: Knowing Your Role in a Security Incident

As fall sets in and we recognize Cybersecurity Awareness Month this October, we in IT wanted to remind everybody of one of NEOMED’s information security policies, our incident response plan, as well as the vital role you play in ensuring that we maintain a cyber secure environment. We’ll cover the basics of what is considered a security incident, what your role as a NEOMED employee, faculty member, or student is, and finally how you can report an incident if you think you’ve encountered one. Without further ado, let's begin with an overview of our NEOMED incident response plan.

Background

As a university which encompasses several colleges and employs staff and faculty members, NEOMED utilizes a vast array of technological resources which support most daily work, study and research functions. Part of what makes these technological resources so helpful is how they can streamline and give form to pieces of information, and also enable the efficient use, and sharing of this information. For the sake of our discussion, this will be referred to as University Data (information created, collected, stored and/or managed in association with fulfilling the University’s mission or its required business functions). University Systems thus refers to technology organized for the collection, processing, maintenance, use, sharing, dissemination or disposition of University Data. The ability for each of us at NEOMED to meet the needs of our academic, administrative and research communities is facilitated, in large part, by using University Data.

While these technology resources are important assets of the University and are fundamental to carrying out NEOMED’s mission, they also introduce risk, which are increasing in both number and variety (e.g. phishing, identity fraud, etc.). Additionally, the regulatory environment impacting higher education data and systems is increasingly complex. Since the United States tends to adopt data-protection laws based on the underlying industry (as opposed to a singular national data-protection law), data and systems within higher education are protected by a patchwork of different federal and state laws.

What is a security incident?

To better understand what a security incident is, it is important to understand what information security means. Information Security refers to the protection of University Data and Systems from unauthorized access, use, disclosure, disruption, modification and destruction with the intent to provide confidentiality, integrity and availability to such Data and Systems.

A security incident refers to an adverse event that results in a suspected or known unauthorized disclosure, misuse, alteration, destruction, or other compromise of University Data or Systems. In practical terms, a security incident may be anything from an email account which becomes compromised via a phishing email or otherwise, to a violation of compliance guidelines such as PCI, FERPA, GLBA, HIPAA, etc. A security incident could also appear as sensitive university data being exposed to unauthorized parties in. If you believe sensitive or private university data was compromised or accessed by an unauthorized party, either by mistake or willingly, it likely qualifies as a security incident.

With that, the next logical questions are what is your role, and how can you report a suspected or confirmed security incident?

What is your role?

Your role may vary somewhat depending on what you do at NEOMED, however it is vital that no matter if you are an employee, student or faculty member, you report all suspected or confirmed security incidents as soon as they occur. In the case of suspected security incidents, it never hurts to be overly cautious, and it is always best to report suspected incidents, even if they happen to end up being a false positive. It is always better to be safe than sorry. Beyond reporting any suspected security incidents, it is also helpful to provide any and as much pertinent information regarding the incident as possible. The more information you can provide, the more effectively we in IT can act to remediate the incident at hand by ensuring that sensitive university data is protected and that damage is mitigated.

How can you report an incident?

To report a security incident, any of the following methods may be used;

Via email

• itsecurity@neomed.edu
• help@neomed.edu
• security@neomed.edu

Via phone

• Help Desk – 330-325-6911
• IT Security Contacts
• Jonathan Wagner, Director, Information Security & Education Services, IT Department – 330-325-6243
• Ronald McGrady, CITO, IT Department – 330 325-6799

Once we receive your report, we will get back to you as soon as possible. However if one of the above contacts is unavailable, or does not respond within 15 minutes, you should contact another IT security contact if the previous one did not respond.

Wrap Up

If you have any further questions about what a security incident is, or perhaps how it may pertain to your specific role at NEOMED, please reach out. Likewise, if you have any questions in general, please don’t hesitate to ask the NEOMED IT team. We are here to help you and are happy to assist in any way we can to ensure that you are aware of and comfortable with our information security policies here at NEOMED.

For a more in depth look at our policies, please see the NEOMED Policy Portal, or to view the Information Security Incident Response Plan in particular, please visit Information Security Incident Response Plan | Policy Portal | NEOMED.

We thank you for your time, and hope you found this helpful. 

- submitted by Dan Foster, IT