Cyber Security Incident Response Policy (10.4)
Information Technology Security Plan

Responsible executive: CIO
Responsible office: ITS
Approval date: 7/01/2016
Effective date: 7/01/2016
Related policies: IT Security Plan, Information Security Awareness Policy

1.0 Policy Statement

The Security Incident Response Policy defines security incident response methods for identifying, mitigating, responding to and reporting information security incidents. Immediately containing and limiting the exposure is our first priority.

2.0 Reason for Policy

The purpose of this policy is to protect the confidentiality, integrity and availability of personal, sensitive or confidential information, to prevent loss of service and to comply with legal requirements.

3.0 Applicability

This policy applies to all employees, students, contractors and other agents using university computing resources, regardless of the ownership of the device used to connect to the network.

4.0 Terms and Definitions

Incident Management is the process of detecting, mitigating and analyzing threats or violations of security policies and limiting their effect.

Computer Security Incident is a violation (breach) or imminent threat of violation of security policies or standard computer security practices, which may include, but is not limited to: widespread infections from viruses or other malicious code; unauthorized use of computer accounts and systems; unauthorized, intentional or inadvertent disclosure or modification of sensitive data; or the intentional disruption of critical system functionality.

Events of Interest are questionable or suspicious activities that could threaten the security objectives for critical or sensitive data or systems. They may or may not have criminal implications.

5.0 Policy

5.1 Incident Management and Response
Incident management and response involves identifying, mitigating, responding to and reporting information security incidents. The objective is to make timely notification so individuals can take appropriate action. Safeguarding all personal, sensitive or confidential information, no matter the format, is essential to maintaining trust at SSU.

The incident response lifecycle includes:

• Preparation – limit the number of incidents by implementing controls such as security awareness, risk assessment, vulnerability scanning and malware prevention.
• Detection and Analysis – aids in the process of determining an incident's occurrence, type, extent and impact through the use of intrusion prevention, log correlation and network and system profiling.
• Documentation and Notification – documents facts regarding the incident and communicates the incident to the appropriate person(s) and/or agency.
• Containment, Eradication and Recovery – involves decision-making (e.g., when to disable an affected system or service) to contain an incident, elimination of the source of exposure and restoring systems to a clean state.
• Post-Incident Activity – reviews lessons learned to improve future incident management and response techniques.

5.2 Incident Handling
• The incident management and response point of contact is the Information Security Officer (ISO).
• Time is critical in the event of a security incident. Report all security incidents or events of interest involving loss, damage or misuse of information assets, or improper dissemination of information.
• Do not attempt to login, alter the compromised system or power it off. These actions will delete forensic evidence that may be critical to documenting the incident.
• When an incident is reported, the Incident Response Team will be assembled to advise and assist in containing and limiting the exposure, in investigating the attack, in obtaining the appropriate approvals, and in handling notification to the affected individuals and offices.
• The incident escalation path is ISO, CIO, Executive Leadership, University System of Georgia, Board of Regents.
• To report an incident, complete the Cyber Security Incident Form or contact the HelpDesk at 912-358-4357 or [email protected].