• CIS Homepage
  • CIS HelpDesk
  • CIS SharePoint
  • CIS Internal Wiki


Skip to end of metadata
Go to start of metadata

Introduction


This policy serves as a guideline for CIS response and reporting procedures involving security incidents affecting the availability of University computer and information system resources, or the confidentiality or integrity of the information stored or transported across these resources. As a guideline, this document represents a best practices strategy for incident response and reporting. Ultimate authority for the actions and methods conducted in the event of a security violation rests with the university CIO or official designee.

Download Policy as PDF

Table of Contents

Effective Date: January 19, 2007
Revised Date: February 6, 2009 

Incident Notification (Internal)

In the event that a CIS employee becomes aware of a security violation (confirmed or suspected), that staff member will immediately notify the CIS management team in-person or via direct telephone conversation (not voicemail), beginning with the CIO and continuing through the CIS reporting hierarchy until a CIS team manager is contacted in-person. The employee will also send an urgent-flagged message to the CIS full staff email

Incident Response

Alerting/Discovery

In the event that the incident response occurs during normal CIS operating hours, the full SysAdmin team – or subset of that team (see “Coordination and Planning” below) – will be assembled at the discretion of the CIO or senior CIS staff member coordinating incident response.

Data Breach Notification

Due to the high level of financial, legal and institutional impact, incidents involving suspected or actual data breaches require immediate notification of the CIS senior leadership and also the VP of Business and Planning

Incident Reporting: Internal Violations

Initial Response – Preservation/Suspension of Confidentiality

  1. In the event that confidential or protected university resources or assets are being eminently threatened, CIS will take immediate and appropriate action to contain the threat prior to notification of the  individuals/departments noted in 5.B. Such actions constitute a “suspension of confidentiality” on the part of an individual’s access credentials, and may involve immediate denial of university privileges (credentials) and resource access.
  2. In the event that no immediate threat to availability, integrity of confidentiality exists CIS will execute the procedures for reporting

Incident Reporting: External Violations

Initial Response

  1. In the event that confidential or protected university resources or assets are being eminently threatened, or where there is evidence that a high-risk exposure to system or resource compromise exists, CIS will take immediate and appropriate action to contain or mitigate the threat.

Incident Control and Reporting Procedures (Internal)

  1. In instances where the incident involves no known compromise to confidential university information, where the threat is minimal and easily contained, response authority shall rest with the CIO and CIS SysAdmin team. At the discretion of the CIO, incident details may be provided to the VP-OBP or president’s cabinet.
  2. In instances where the external violation goes beyond simple nuisance violations, when there is evidence or suspicion of legal or monetary compromises to university resources, the VP-OBP will be notified and authority and coordination of incident response shall move to university counsel or cabinet, or other designee as directed by the CIO or VP-OBP.

Definition of Terms

  • Internal Security Violations
    those in which the offender is a known employee, student, or agent of the university, and as such, subject to the provisions set forth in the Acceptable Use Policy (AUP).
  • External Security Violations 
    those coming from outside the campus network, and/or from sources that are unidentifiable or unaffiliated with Seattle Pacific University.

 

  • No labels