Top Nav Leftcrn
Top Nav Rightcrn
vcsu
vcsu

V1901.05 ITC SECURITY INCIDENT RESPONSE POLICY

You may need the latest version of Adobe Reader to view pdf files on this page.
Get Adobe Reader - Free

 
A. Background

This policy defines responsibility and specifies the appropriate actions needed to ensure information security incidents are handled in a consistent, thorough and timely manner in order to protect the availability, confidentiality and integrity of VCSU systems, applications, data, or networks.
 
B. Scope

This policy applies to all VCSU users and any electronic device used to store confidential, sensitive or private university data.
 
C. Definitions

Refer to NDUS procedure 1901.2 for definitions of confidential, sensitive or private data.
An Information Security Incident is any event that harms or threatens the confidentiality, integrity, or availability of VCSU systems, applications, data, or networks.
 
D. Procedures

  • Reporting
    Any information security incident should be reported to the VCSU Information Technology Security Officer (ITSO) or Help Desk. If the incident is a severe incident, the severe incident response team (SIRT) will assemble. The SIRT team is comprised of the Chief Information Officer, IT Security Officer, the appropriate Vice President and other incident specific appropriate personnel.
  • Containment
    Once identified, actions will be taken to eliminate the potential for the spread of an incident or its consequences across additional systems and networks.
  • Notification, Preservation and Investigation
    The SIRT shall develop a plan promptly upon learning about an incident for identifying and implementing appropriate steps to notify owners of systems and data, and to preserve evidence, consistent with needs to restore availability. An investigation will occur to determine the cause of the incident and plans developed for future preventative actions.
  • Restoration
    Upon completion or satisfactory progress made on previous steps as authorized by the SIRT and complete eradication of the incident, the affected information systems, assets, resources or network systems will be returned to normal operations.
  • Closure
    A final report will be prepared by the ITSO and presented to the SIRT team. The report shall document the incident and provide recommendations to prevent similar future information security incidents.
E. Additional Documents

Sponsor: Chief Information Officer
Approved: April, 2010
Apply Now Schedule Campus Visit
Office Information
President
Dr. Steven W. Shirley
701-845-7102
steve.shirley@vcsu.edu

Executive Assistant
Rhonda Fairfield
701-845-7102
rhonda.fairfield@vcsu.edu

Office Location
McFarland 216

Office Hours
Academic Year
7:45 a.m. - 4:30 p.m.
Summer
7:30 a.m. - 4:00 p.m.

Mailing Address
Office of the President
Valley City State University
101 College Street SW
Valley City, ND 58072
Feedback