Quick References

ITS Security Standard: Incident Response Program - Roles and Responsibilities 2

Information Authority/Owner

  • Supports the Incident Response Team in reporting, investigating, assessing and resolving potential policy violations and security incidents
  • Determines if an enterprise production service may be taken off-line

Information Security Coordinators

  • Supports the Incident Response Team in reporting, investigating, assessing and resolving potential policy violations and security incidents
  • Serves as escalation point to ensure cooperation by users and technical staff in their area

Management

  • Supports the Incident Response Team in reporting, investigating, assessing and resolving potential policy violations and security incidents
  • Determines if localized production services may be taken off-line
  • In consultation with the Information Security Officer, notifies affected users when a security breach requiring notification originates from an individual or system under their control
  • Applies sanctions and discipline in accordance with existing policy and practice in coordination with Human Resources, Academic Personnel or Office of Student Rights and Responsibilities
  • Participates in lessons learned as requested
  • Makes  recommendations to prevent similar incidents and/or improve the response process

Employment Equity/Human Resources/Academic Personnel/Office of Student Rights and Responsibilities

  • Investigates alleged policy violations and security incidents stemming from actions taken by individual staff, faculty and students to determine if disciplinary action is appropriate
  • Authorizes activities affecting accounts or files of individuals under investigation or found to be responsible for a policy violation or security incident, including but not limited to,
    • Temporary suspension of accounts
    • Early termination of accounts
    • Retention and review of electronic or other files
  • Advises management on applicable policies and procedures, including potential sanctions
  • Participates in lessons learned as requested
  • Authorizes litigation holds and notifies affected parties regarding their responsibilities
  • Interprets the law and advises on potential legal or other risks to the university
  • Reviews search warrants or other legal requests for validity prior to campus response
  • Serves as escalation point for advice on legal matters outside the purview of the team

University Police

  • Investigates incidents involving potential criminal activity, including theft of university property
  • Assists in obtaining search warrants, subpoenas, and other legal documents as requested
  • Coordinates contact with outside law enforcement agencies
  • Serves as escalation point for incidents involving immediate threat to physical safety

Public Affairs

  • Coordinates communications and contacts between the university and the media
  • Serves as escalation point if a security breach notification is required
  • Serves as escalation point if an incident is likely to affect public confidence

Executive Management

  • Serves as escalation point if a security breach notification is required
  • Serves as escalation point if an incident is likely to affect public confidence

 Return to Table of Contents

Related Content