V1202.02 Technology Services Security Incident Response Policy
Modified on: Wed, Nov 6 2024 2:49 PMA. Background
NDUS procedure 1202.02 states, “Each Institution of the North Dakota University System (NDUS) must develop and maintain an Incident Response Plan.” This VCSU policy defines responsibility and specifies the appropriate actions needed to ensure information security incidents are handled in a consistent, thorough and timely manner in order to protect the availability, confidentiality and integrity of VCSU systems, applications, data, or networks.
B. Scope
This policy applies to all VCSU users and any electronic device used to store restricted or private data.
C. Definitions
Refer to NDUS procedure 1203.7 for definitions of restricted and private data.
Refer to Classification of Common Data Elements for examples of restricted and private data.
An Information Security Incident is any event that harms or threatens the confidentiality, integrity, or availability of VCSU systems, applications, data, or networks.
D. Procedures
-
Reporting
Any information security incident should be reported to the VCSU Information Technology Security Officer (ITSO) or Technology Services Desk. If the incident is a severe incident, the severe incident response team (SIRT) will assemble. The SIRT team is comprised of the VCSU Chief Information Officer, VCSU IT Security Officer, the appropriate Vice President, NDUS Chief Information Officer, NDUS IT Security Officer and other incident specific appropriate personnel. -
Containment
Once identified, actions will be taken to eliminate the potential for the spread of an incident or its consequences across additional systems and networks. -
Notification, Preservation and Investigation
The SIRT shall develop a plan promptly upon learning about an incident for identifying and implementing appropriate steps to notify owners of systems and data, and to preserve evidence, consistent with needs to restore availability. An investigation will occur to determine the cause of the incident and plans developed for future preventative actions. -
Restoration
Upon completion or satisfactory progress made on previous steps as authorized by the SIRT and complete eradication of the incident, the affected information systems, assets, resources or network systems will be returned to normal operations. -
Closure
A final report will be prepared by the NDUS and VCSU ITSO and presented to the SIRT team. The report shall document the incident and provide recommendations to prevent similar future information security incidents.
E. Reference Documents
- NDUS Procedure 1202.2 Incident Response
- NDUS Procedure 1203.7 Data Classification and Information Security Standard
- VCSU V1201.02 addendum to NDUS Procedure 1201.2
- HIPAA
- FERPA
- GLBA
Sponsor: Chief Information Officer
Approved: April, 2010
Revised: March 2017
Revised and renumbered (formerly V1901.05): December 2021