ITS Security Standard: Incident Response Program

Brief Description:

To ensure that security incidents and policy violations are promptly reported, investigated, documented and resolved in a manner that promptly restores operations while ensuring that evidence is maintained.

Introduction:

This standard outlines the workflow, roles and responsibilities, and escalation provisions with respect to identifying and handling information technology (IT) policy violations and information security incidents at Cal Poly. An accurate, complete and consistent response is essential to ensure the protection of university information assets while complying with applicable policies and laws. Timely and relevant communication with appropriate parties is necessary to ensure the quality of the response, support legal action if necessary, and maintain public confidence. Complete, accurate documentation and subsequent debriefing are important to prevent recurrence of similar incidents.

Scope:

All information security incidents are to be handled according to this standard and in a manner consistent with applicable laws and regulations. This standard applies to any information security incident or policy violation involving IT resources at Cal Poly, whether initiated from on- or off-campus.  It applies to all university IT resources, whether centrally administered or locally administered; to all users, auxiliary organizations, third parties, visitors, or else anyone with access to Cal Poly information assets; and to personally-owned computers with access to university networks. While mainly intended to address violations of Cal Poly’s Information Security Program and Responsible Use Policy, this standard applies to any information security related incident involving the university.

Incident Response Program:

Workflow

The incident response process consists of the following steps which are described further in this section:

Escalation

Definitions

Roles and Responsibilities

Implementation

EFFECTIVE DATE: 11/1/2011
REVIEW FREQUENCY: Annual
RESPONSIBLE OFFICER: Vice Provost/Chief Information Officer

Revision History

DATE ACTION PAGES
5/2/2014

Updated links and reformatted as HTML pages

All
11/1/2011 Release of initial document by ITS All
8/1/2011 Drafted by Mary Shaffer based on incident response standards, plans and protocols from other universities    

 




 

 

Related Content

Best Practices

10 Best Pactices

Our 10 Best Pactices

Contact Us

Contact Information Security at 756-7000

Contacts

Did you know?

Stay Safe Online Tips