Policy: Incident Response

PURPOSE

The purpose of this policy is to define the response of Massasoit Community College (Massasoit) to electronic information security incidents. This policy must be read in conjunction with the Acceptable Use of Information Technology Resources Policy.

SCOPE

This policy applies to all Massasoit electronic information security incidents, henceforth referred to as an “incident,” which are defined as any attempt, successful or unsuccessful, to disable, interrupt, compromise, bypass, alter, or by any other means misuse Massasoit information technology resources.

POLICY

· All reported incidents shall be responded to in a timely manner.

· An Incident Report must be completed and retained by the ITS staff for each incident.

· In response to an incident, the Massasoit ITS staff and appropriate stakeholders shall address the following, as applicable:

  o Detection – Corroborate and define the incident;

  o Assessment – The incident should be classified based on available information to determine whether network communications require closure or activation of the Business Continuity Plan;

  o Forensics – Data related to the incident shall be gathered and analyzed;

  o Containment – Measures shall be taken to separate impacted systems from the rest of the Massasoit environment;

  o Recovery – Systems shall be restored to normal operation as soon as possible, following policy and procedures for applicable backup and recovery;

  o Post-Mortem – An analysis of the incident, Massasoit's response to the incident, and lessons learned.

· Employees and students are required to report incidents to either the Helpdesk or other appropriate personnel.

· Additional role-specific training may be administered to IT and other staff members as required by job responsibilities and access level: systems, network infrastructure, physical security, and/or datacenter.

ENFORCEMENT

Any person found to have violated this policy, intentionally or unintentionally, may be subject to disciplinary action, up to and including loss of access rights, termination of employment or expulsion from the College.

 

ROLES AND RESPONSIBILITIES

| ROLE | RESPONSIBILITY |
| --- | --- |
| IT Manager | Leads information security incident response and coordinates reporting to external entities; determines if incident follow-up is needed; ensures all incidents and resolution activities are fully documented and tracked; ensures compliance with regulatory requirements. |
| IT Staff | Report incidents and/or respond to information security incidents according to policy and procedures. |
| Management Team | Report incidents and/or engage legal counsel, authorities, and external reporting entities as appropriate. |
| All Users | Report incidents to manager or IT Manager promptly. |

REFERENCES

| Framework | COBIT 4.1 |
| --- | --- |
| Regulations and Requirements | PCI DSS - MA 201 - HIPAA |
| Supporting Standards and Procedures | DS5 Ensure System Security; DS8 Manage Service Desk Incidents |

REVISION HISTORY

This section contains comments on any revisions that were made to this document and the date they were made.

| Version Number | Issued Date | Approval | Description of Changes |
| --- | --- | --- | --- |
| 1.0 | 1/12/2016 | Compass ITC | Initial Draft |
| 2.0 | 8/2/2018 | CIO | Publication in Knowledge Base |

 
