V1901.05 ITC SECURITY INCIDENT RESPONSE POLICY
This policy defines responsibility and specifies the appropriate actions needed to ensure information security incidents are handled in a consistent, thorough and timely manner in order to protect the availability, confidentiality and integrity of VCSU systems, applications, data, or networks.
This policy applies to all VCSU users and any electronic device used to store confidential, sensitive or private university data.
Refer to NDUS procedure 1901.2 for definitions of confidential, sensitive or private data.
An Information Security Incident is any event that harms or threatens the confidentiality, integrity, or availability of VCSU systems, applications, data, or networks.
Any information security incident should be reported to the VCSU Information Technology Security Officer (ITSO) or Help Desk. If the incident is a severe incident, the severe incident response team (SIRT) will assemble. The SIRT team is comprised of the Chief Information Officer, IT Security Officer, the appropriate Vice President and other incident specific appropriate personnel.
Once identified, actions will be taken to eliminate the potential for the spread of an incident or its consequences across additional systems and networks.
- Notification, Preservation and Investigation
The SIRT shall develop a plan promptly upon learning about an incident for identifying and implementing appropriate steps to notify owners of systems and data, and to preserve evidence, consistent with needs to restore availability. An investigation will occur to determine the cause of the incident and plans developed for future preventative actions.
Upon completion or satisfactory progress made on previous steps as authorized by the SIRT and complete eradication of the incident, the affected information systems, assets, resources or network systems will be returned to normal operations.
A final report will be prepared by the ITSO and presented to the SIRT team. The report shall document the incident and provide recommendations to prevent similar future information security incidents.
E. Additional Documents
Sponsor: Chief Information Officer
Approved: April, 2010