A.  Background

NDUS procedure 1202.02 states, “Each Institution of the North Dakota University System (NDUS) must develop and maintain an Incident Response Plan.”  This VCSU policy defines responsibility and specifies the appropriate actions needed to ensure information security incidents are handled in a consistent, thorough and timely manner in order to protect the availability, confidentiality and integrity of VCSU systems, applications, data, or networks.  

B.  Scope

This policy applies to all VCSU users and any electronic device used to store restricted or private data.

C.  Definitions

Refer to NDUS procedure 1203.7 for definitions of restricted and private data.

Refer to Classification of Common Data Elements for examples of restricted and private data.

An Information Security Incident is any event that harms or threatens the confidentiality, integrity, or availability of VCSU systems, applications, data, or networks. 

D. Procedures

  1. Reporting
    Any information security incident should be reported to the VCSU Information Technology Security Officer (ITSO) or Technology Services Desk. If the incident is severe, the severe incident response team (SIRT) will assemble. The SIRT team comprises the VCSU Chief Information Officer, VCSU IT Security Officer, the appropriate Vice President, NDUS Chief Information Officer, NDUS IT Security Officer and other appropriate incident-specific personnel.
  2. Containment 
    Once identified, actions will be taken to eliminate the potential for the spread of an incident or its consequences across additional systems and networks.
  3. Notification, Preservation and Investigation 
    Promptly upon learning about an incident, the SIRT shall develop a plan for identifying and implementing appropriate steps to notify owners of systems and data, and to preserve evidence, consistent with needs to restore availability. An investigation will occur to determine the cause of the incident, and plans will be developed for future preventative actions.
  4. Restoration 
    Upon completion of, or satisfactory progress on, the previous steps as authorized by the SIRT, and upon complete eradication of the incident, the affected information systems, assets, resources or network systems will be returned to normal operations.
  5. Closure 
    A final report will be prepared by the NDUS and VCSU ITSO and presented to the SIRT team. The report shall document the incident and provide recommendations to prevent similar future information security incidents.

E.  Reference Documents

Sponsor: Chief Information Officer

Approved: April 2010

Revised: March 2017

Revised and renumbered (formerly V1901.05):  December 2021