Immaculata University IT Security Incident Response Plan
Immaculata University IT Security Incident Response Plan
Immaculata University IT Security Incident Response Plan
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
“User” includes any individuals, entities such as third party hosting contractors, staff,faculty, or employed students, given electronic access to IU’s Institutional Data and/orusing IU Information Technology.II.IDENTIFICATION OF INCIDENTAny User or individual or organization not affiliated with IU may refer a Data <strong>Security</strong><strong>Incident</strong> to the Program Officer. The Program Officer and his or her personnel canidentify a Data <strong>Security</strong> <strong>Incident</strong> through proactive monitoring of IU’s network andinformation system activities.III.ESTABLISHMENT OF INCIDENT RESPONSE TEAMThe Program Officer shall assemble, manage, maintain, train and lead the <strong>Incident</strong><strong>Response</strong> Team.IV.CONTAINING DAMAGE AND PRESERVING EVIDENCEFollowing a Data <strong>Security</strong> Breach the <strong>Incident</strong> <strong>Response</strong> Team will:• Review the circumstances and the actions taken;• Assign roles;• Create a plan of action to contain damage and gather evidence; and• Ensure that wherever possible, a forensic copy of the affectedcomputer hard drive or server database is created.The <strong>Incident</strong> <strong>Response</strong> Team will work with the appropriate staff and OTS to takewhatever actions are necessary to ensure that no additional Institutional Data is lost ortaken and/or that no additional Information Technology is exploited.V. INCIDENT RESPONSE REPORTThe <strong>Incident</strong> <strong>Response</strong> Team will ensure that Data <strong>Security</strong> <strong>Incident</strong>s are appropriatelylogged and archived. To that end, following any Data <strong>Security</strong> <strong>Incident</strong>, the <strong>Incident</strong><strong>Response</strong> team must produce an <strong>Incident</strong> <strong>Response</strong> Report (a “Report”) as outlined inthis Section V of the <strong>Plan</strong>. Any Data <strong>Security</strong> <strong>Incident</strong>s involving Electronic ProtectedHealth Information (“ePHI”) pursuant to the Health Insurance Portability andAccountability Act (“HIPAA”) will be so identified in the Report.The <strong>Incident</strong> <strong>Response</strong> Team will be responsible for communicating the <strong>Incident</strong> toappropriate IU personnel and maintaining contact, for the purpose of update andinstruction, for the duration of the <strong>Incident</strong>.DM3\956481.7-3-