PURPOSE
The purpose of this policy is to define the response of Massasoit Community College (Massasoit) to electronic information security incidents. This policy must be read in conjunction with the Acceptable Use of Information Technology Resources Policy.
SCOPE
This policy applies to all Massasoit electronic information security incidents, henceforth referred to as an “incident,” which are defined as any attempt, successful or unsuccessful, to disable, interrupt, compromise, bypass, alter, or by any other means misuse Massasoit information technology resources.
POLICY
· All reported incidents shall be responded to in a timely manner.
· An Incident Report must be completed and retained by the ITS staff for each incident.
· In response to an incident, the Massasoit ITS staff and appropriate stakeholders shall address the following, as applicable:
o Detection – Corroborate and define the incident;
o Assessment – The incident should be classified based on available information to determine whether network communications require closure or activation of the Business Continuity Plan;
o Forensics – Data related to the incident shall be gathered and analyzed;
o Containment – Measures shall be taken to separate impacted systems from the rest of the Massasoit environment;
o Recovery – Systems shall be restored to normal operation as soon as possible, following applicable backup and recovery policy and procedures;
o Post-Mortem – An analysis of the incident, Massasoit's response to the incident, and lessons learned.
· Employees and students are required to report incidents to either the Helpdesk or other appropriate personnel.
· Additional role-specific training may be administered to IT and other staff members as required by job responsibilities and access level: systems, network infrastructure, physical security, and/or datacenter.
ENFORCEMENT
Any person found to have violated this policy, intentionally or unintentionally, may be subject to disciplinary action, up to and including loss of access rights, termination of employment or expulsion from the College.
ROLES AND RESPONSIBILITIES
ROLE | RESPONSIBILITY
IT Manager | Leads information security incident response and coordinates reporting to external entities; determines if incident follow-up is needed; ensures all incidents and resolution activities are fully documented and tracked; ensures compliance with regulatory requirements.
IT Staff | Report incidents and/or respond to information security incidents according to policy and procedures.
Management Team | Report incidents and/or engage legal counsel, authorities, and external reporting entities as appropriate.
All Users | Report incidents to manager or IT Manager promptly.
REFERENCES
Framework: COBIT 4.1 | Regulations and Requirements: PCI DSS - MA 201 - HIPAA | Supporting Standards and Procedures
DS5 Ensure System Security; DS8 Manage Service Desk Incidents | |
REVISION HISTORY
This section contains comments on any revisions that were made to this document and the date they were made.
Version Number | Issued Date | Approval | Description of Changes
1.0 | 1/12/2016 | Compass ITC | Initial Draft
2.0 | 8/2/2018 | CIO | Publication in Knowledge Base