Back to “IT security”

Procedure in the event of security incidents

IT security incidents can have serious consequences for business operations. In order to be able to deal with such incidents as quickly as possible, we have created a guide for you on this page that will help you to act in the event of IT security incidents.

enlarge the image: Illustration of padlocks
Photo: Colourbox

When is an IT emergency?

An (information) security incident occurs when the availability, confidentiality and/or integrity of information (or IT systems) are or have been seriously compromised in an unplanned manner.

What do I do in the event of an IT emergency?

If you have an IT emergency or suspect that you have an IT emergency, keep calm and call the IT emergency number immediately. Be sure to call even if you have a suspicion! In this case, it is better to call once more than once too little.

  • IT emergency number:
    +49 341 97-33333


In accordance with the IT emergency sheet of the Federal Office for Information Security, you should be able to answer the following questions and observe the following behavioural instructions when reporting an emergency:

Important questions when reporting an emergency

  1. Who reports the emergency?
  2. Which IT system is affected?
  3. How did you work with the IT system?
  4. What did you observe?
  5. When did the event occur?
  6. Where is the affected IT system located (building, room, workplace)?

Further behavioural advice

  • Stop further work on the IT system
  • Document observations
  • Only initiate measures according to instructions


Further information from the Alliance for Cyber Security

Delimitation of security incidents

Security incidents are distinguished from malfunctions or troubleshooting in day-to-day business by the following aspects:

  • Failure or loss of systems and/or functionalities with high or very high damage,
  • Failure of systems and/or functionalities beyond the defined SLA/required availability time,
  • Damage to systems or data or concrete monetary damage,
  • Theft of systems or data (unauthorised access),
  • Indications of targeted attacks, spying on vulnerabilities, unauthorised use of resources, possibility/risk of unauthorised access to personal data,
  • Massive damage to image due to negative external impact.

We speak of an IT emergency when the incidents have such serious effects that the business operations or the fulfilment of the university's tasks are severely impaired. Emergencies can no longer be handled in the general day-to-day business, but require a separate coping organisation.