In case of information security deviations or cases related to them, the safest thing to do is to ask Campus ICT for advice.
If you observe or suspect misuse of a network, services or an account, you can also send an e-mail notification to tietoturva@oulu.fi.
In this instruction:
What is an information security deviation?
An information security deviation is an intentional or unintentional event or situation resulting in actual or possible compromise of the integrity, confidentiality or appropriate usability level of information and services under universities’ responsibility.
Security deviations may include disturbances caused by data trespass, malware, unexpected and significant outages or unauthorised changes to websites.
In addition to the above, confidential material may be forgotten and left behind to be publicly available (for example, copying machines, printers, wastepaper baskets, lost storage media or devices).
Reporting an information security deviation
When contacting our service address tietoturva@oulu.fi, state your issue clearly. With the basic data given, we can serve you better and more quickly. You can copy topics above into an email message or send your report on paper.
*** *** (start copying here) *** ***
The following are the basic data for the notice:
- Information of the informant (name, e-mail address, phone number)
- When has the deviation been observed (date, time):
- What does the deviation concern:
- System (what):
- Service (what):
- Other (what):
- Information:
Short description of the deviation:
- Assessment of the content of the information system or information (personal data, confidential data, other non-public data…) and the damage caused by the deviation:
Informant’s assessment of the severity of the deviation (severe, significant, minor, N/A):
*** *** (end copying here ) *** ***
You can copy into the e-mail message the sections above and then supplement before the sending.
Alternatively, you can print or write a report on paper. Send the written report on paper in a closed envelope by internal mail of the universities or by ordinary mail;
-
- When using internal mail, use the address: Information security/University of Oulu, PO Box 8000.
- When using ordinary mail, use the address: Information security/University of Oulu, PO Box 8000, 90014 Oulun yliopisto.
Note! A filled-in notice is always confidential, and it might include information that can be harmful in the wrong hands. Handle the forms accordingly.
If you want to make an anonymous notice, the best way is to fill in the basic information form on this page and return it by internal mail or ordinary mail.
The University of Oulu processes the information security deviation notifications, responds to them in a suitable way and assists in solving the deviation. The processing of deviations includes communication with the necessary stakeholders (universities, higher education institutions, CERT (Computer Emergency Response Team) groups of FUNET and Ficora, and authorities).