What is an information security incident?

An information security incident is a deliberate or unintentional event or condition that results in actual or potential risk to the integrity, confidentiality or appropriate availability of information and services under the University’s responsibility.

According to the above definition, the concept of an information security incident should be considered to have a broad scope. Information security incidents cover data breaches, unexpected and significant downtime, or unauthorised changes to web pages, etc. Also covered is deliberately or unintentionally making confidential material publicly available, for example, by leaving confidential material in photocopiers, printers or in bins, or by losing memory devices, or leaving information open and unattended on a device or on a server space. Major malware is also included. If in doubt, the safest thing to do is to seek advice from the Aalto University IT security team (contact details below).

There is a separate policy and guidelines for reporting phishing: report phishing. If a phishing message is responded to, the phishing report will become an information security incident.

How do I report an information security incident?

The easiest way to report an information security incident is with the forms attached to this page. Form 1 is the general part of the notification and is intended for all reporters. The form does not need to be fully completed.

With Form 2 it is possible to give more detailed technical background information about the incident. Form 2 is information system focused, but it can be used for reporting all types of information security incidents. This form also does not need to be fully completed.

Forms should be sent via Aalto University's internal email (Exchange), by internal mail in a closed envelope or by normal postal services.

• Email should be sent to [email protected].
• When using internal mail, please mark the recipient as: Tietoturva/Aalto IT, PL 11100.
• When using normal postal services, the form should be sent to: Tietoturva/Aalto IT, PL 11100, 00076 Aalto.

Please note: A completed information security incident notification is always deemed confidential and it may contain information that may be harmful in the wrong hands. Therefore, please handle the forms accordingly.

If you would prefer to report an incident anonymously, you can do so by using the forms on this page and return them by internal mail or by normal postal services.

You can also make a notification by email to [email protected] or by calling +358 (0)50 300 7313. In sensitive cases, the notification can also be made at [email protected].

Notification forms

Use the forms below to report an information security incident at Aalto University or in one of its information systems.