How to report an IT security issue?

Background

EPFL’s information system is a key asset for the School in achieving its objectives. The increase in computing requirements, the number of interconnections and interdependencies, and the complexity and diversity of systems – as well as security threats – are major factors in the rapid rise in risk levels that EPFL is facing.

The security of EPFL’s information system – including its availability, integrity, confidentiality and traceability – is an important priority for the School. The objectives are to ensure the continuity of EPFL’s activities and to protect its reputation with regard to the use of information and the means supporting it.

The protection of our information system is everyone’s concern. Each one of us, by his or her behavior, can improve this protection or endanger the system.

It’s within this context that EPFL is encouraging users to report immediately, to those responsible, any weakness in the security of the information system.

Reminder

EPFL urges all users to keep any potential weakness confidential in relation to non-authorized third parties. This point is important: confidentiality helps us to protect not only the School, but also your data, whether you are a student, employee or external entity.

How to report a security issue

You can report security problems to: [email protected].

Reward

Depending on the seriousness of the reported security problem: if the person is a student at EPFL, and if it is the first time that the problem is reported, the Vice-President for information systems may decide that a reward is appropriate.