TO TOP

Report an IT security incident

An IT security incident can have serious consequences if it is not detected and addressed promptly. Examples include suspicious system activity, unauthorized access, or phishing attacks. Early reporting helps minimize damage, analyze attacks, and quickly implement countermeasures. Please do not hesitate – it is better to report an incident once too often than too little. Your report will be treated confidentially.

Information required for a swift response:

  • Date and time of the incident (including time zone)
  • Source and destination IP addresses as well as ports and protocols used (if known)
  • Description of the incident and relevant details
  • Log files or suspicious emails (as attachments, including header data)

If you wish to report a vulnerability, please follow the principles of Responsible Disclosure:

  • Do not intentionally exploit the vulnerability.
  • Submit sensitive information only through secure channels.
  • Do not share vulnerability details with uninvolved third parties until it has been resolved.

 

Please note that we do not offer rewards or bounties for reported vulnerabilities, but we are happy to issue a Letter of Appreciation.

Procedure for a Security Incident

Procedure for a Security Incident

A quick and coordinated response is essential to limit damage and determine the cause of a security incident. Please follow these steps:

Immediate Actions:

  • Immediately disconnect the affected system from the network, but do not power it off.

  • Report the incident to your supervisor and the responsible IT support.

    • Employees with IT support should contact their designated IT contacts.

    • Employees without direct IT support and students must take appropriate measures themselves.

  • Notify the RUB-Cert / ITSB team about the incident.

Analysis and Damage Mitigation:

  • Determine the cause of the incident and identify any other potentially affected systems.

  • Immediately change all affected passwords, especially if accounts have been compromised.

  • If a computer is infected: reinstall the system, as a complete cleanup is often not reliable.

  • Restore data from backups if necessary.

Follow-up and Prevention:

  • Evaluate the incident and identify potential security vulnerabilities.

  • If needed, conduct a debriefing to define measures for future prevention.

  • Adjust security policies or protective measures to prevent similar incidents in the future.

Further information can be found on the website of the Information Security Office.

Weiterlesen
Contact

Tel.: +49 (0)234 32-20000
Fax: +49 (0)234 32-20001
E-Mail: cert@ruhr-uni-bochum.de


Contact ITSB

The Information Security Office (ITSB) is the point of contact for all matters related to IT security

General inquiries and consultation:
E-Mail: itsb@rub.de

Reports of abusive usage:
E-Mail: abuse@rub.de

Further contact information can be found on the website of the Information Security Office (ITSB).

ITSB

Contact IT.SERVICES

In case of disruptions to central IT systems and services, please contact the IT.SERVICES helpdesk.

E-Mail: its-helpdesk@ruhr-uni-bochum.de

IT.SERVICES

Contact NOC

The Network Operation Center is the point of contact for all matters related to network technology and infrastructure.

E-Mail: noc@ruhr-uni-bochum.de

NOC