Policy 6 - Incident Response Policy
1.0 Overview
In order to reduce exposure to our user information and other confidential information, we have developed this policy as a means to define the appropriate actions to take should any of the university’s systems be compromised.
2.0 Purpose
In the unlikely event that a security breach occurs, ÑÇÖÞɫͼ State University staff will escalate all known information to the appropriate managers. In addition, staff are authorized to take any immediate and appropriate actions to ensure no further damage is sustained. Any questions or comments about this policy should be directed to Information Systems.
Examples of Information Security Incidents
This list has been created to help understand what circumstances an Incident Reporting Form needs to be filled out and reported. This includes, but is not limited to, the following:
- Unauthorized disclosure of sensitive information
- Theft or loss of equipment that contains private or potentially sensitive information
- Extensive virus or malware outbreak and/or traffic
- Attempts (either failed or successful) to gain unauthorized access to a system or it's data
- Compromised user account
- Responding to a phishing email or having any other ÑÇÖÞɫͼ State University account compromised (ex. Active Directory, MyGate, etc.)
- Extensive disruption of ÑÇÖÞɫͼ State University's information services
3.0 Scope
This policy applies to all systems, networks and data within the university’s operating environment.
4.0 Policy
Immediately following the detection of a breach of security, the Chief Information Officer and the Information Security Officer must be notified. All issues must be documented on the Incident Reporting Form and supplied to the Information Security Officer following the incident.
Secure mechanisms should be used for all communications regarding the breach. Use communications that do not involve the compromised system or network. Do not send email from compromised systems or networks. Upstream sites (sites that were involved in an intrusion prior to the system becoming involved) and downstream sites (sites that were involved after the site experienced an intrusion) need to be informed of the attacks as well. The Information Security Officer will ensure that all other organizations are informed about the involvement of their systems so they too can take necessary steps to respond to an intrusion. The Information Security Officer must ensure that an accurate, detailed log of all contacts and the information exchanged is maintained.
Information pertaining to a security breach will only be released by the Vice President of Finance and Administration.
5.0 Enforcement
Anyone found to have violated this policy may be subject to disciplinary action according to personnel policies and procedures. Students may be referred to Student Affairs for discipline. A violation of this policy by a temporary worker, contractor or vendor may result in action up to and including termination of their contract or assignment with ÑÇÖÞɫͼ State University.
Policy adopted: 02-25-2011
Revision adopted:
Policy approval and adoption: ÑÇÖÞɫͼ State University President's Office and Information
Systems Security