Cyber-incident Notification

Uploaded Image (Thumbnail)

Cyber-incident Notification

Contacts and Procedures

STEP 1 – Assess the Cyber-incident

Does the incident meet any of the following criteria?

  • Involves the potential exposure of PII, HIPAA, or FERPA data
  • Significantly impact or puts at risk campus operations
  • A compromise where the extent of the incident cannot be ascertained and additional resources are needed
  • Data loss that raises to the level outlined in the NYS Information Security Breach and Notification Act

STEP 2 – Report the Incident

In the event of a cyber security incident that meets the above criteria contact the following until you reach someone:

1st Call SUNY Assistant Chief Information Officer, Richard Borden 518-429-1633 (Call or Text) CyberIncidentResponse@suny.edu
If no answer, 2nd Call SUNY Chief Information Security Officer, Jesse Sloman 518-971-1729 (Call or Text) CyberIncidentResponse@suny.edu
If no answer, 3rd Call SUNY Chief Technology Officer, Kevin Stillman 518-281-6095 (Call or Text) CyberIncidentResponse@suny.edu
If no answer, 4th Call SUNY Director of Cybersecurity Services, Tishawn Smith 347-348-6376 (Call or Text) CyberIncidentResponse@suny.edu
 

STEP 3 – Complete and submit SUNY Cyberincident Reporting form

After notification has been given, complete this online form: SUNY Cyberincident Information Collection Form

If you have trouble with the online form, you may complete this fillable PDF and email it to: CyberIncidentResponse@suny.edu

 

Guidance related to Additional Reporting Responsibilities:

  1. In the event an incident rises to the level of a data breach these additional steps must be taken under section 208 of the State Technology Law, notify:
    1. The NYS Attorney General (AG)
    2. The Department of State’s Division of Consumer Protection
  2. A State entity must notify affected NYS residents and non-residents if their private information was exposed
  3. Based on the nature of the incident additional offices should be notified in the event of a serious incident or a data breach:
    1. Counsel’s Office – Must be notified immediately in the event of a suspected data breach
    2. Press & Communications – Will coordinate messaging
    3. Senior Leaders (as necessary) - This will be based on individual campus protocols
Print Article

Related Services / Offerings (1)

SUNYWide Cyber Incident Reporting
Procedure to use for reporting a cyber-incident to the SUNY CISO.