Reporting Incidents and Incident Response

If you suspect a computer security incident, please contact:

UCCS IT Security Principal 

                        Greg Williams
                          719-255-3211 office
                        719-237-6491 cell
UCCS IT Security Analyst
                 Neil Kautzner
                         719-255-3221 office

Some signs that may mean you’ve been compromised:

  • Pop-ups or warnings from Symantec Endpoint (even if they seem insignificant)
  • Computer is on when you are sure you turned it off
  • Unexpected user’s name is shown on login page
  • Files or folders are changed, missing, or appear without your knowledge
  • Cursor moves around without you touching the mouse
  • Password suddenly no longer works but did not expire

What to do:

  • Leave the computer running
  • Disconnect computer from network by removing the Ethernet cable from wall port or from back of computer
  • Do not call the IT help desk; call one of numbers above, or send an email to
  • Give as much of the following information as possible:
  1. Person who detected the incident
  2. Date and time detected
  3. System/service involved
  4. Location (bldg/room) of system/service
  5. Department responsible for the system/service
  6. Type and scope of data compromised (if known)
  7. Brief description of the event (or of the weakness exploited)

Guidelines for Reporting:

UCCS Incident Response Plan can be found here: UCCS Computer Security Incident Response Plan