Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Statement and Purpose


Table of Contents



This policy serves as a guideline for CIS
Info
titleNote

This policy is currently under significant revision; drafted updates are awaiting approval/adoption.


The following details CIS' response and reporting procedures involving security incidents affecting the availability of University computer University computer and information system resources, or the confidentiality or integrity of the information stored or transported across these resources. As a guidelinea guideline, this document represents a best practices strategy for incident response and reporting. Ultimate authority for the actions and methods conducted methods conducted in the event of a security violation rests with the university CIO or official designee.

Download Policy as PDF

Entities Affected By This Policy

All University faculty and staff.


Table of Contents
maxLevel2
indent20px
excludeTable of Contents



Panel
borderColorgrey
borderStylesolid

Policy Version: 1.1

Responsible Office: Computer and Information Systems
Responsible Executive:
  AVP for Information Technology

Effective Date: January 19, 2007 
Last Updated:  
February 6, 2009  March 2, 2023



Incident Notification (Internal)

In the event that a CIS employee becomes aware of a security violation (confirmed or suspected), that staff member will immediately notify the CIS management team in-person or via direct telephone conversation (not voicemail), beginning with the CIO and continuing through the CIS reporting hierarchy until a CIS team manager is contacted in-person. The employee will also send an urgent-flagged message to the CIS full staff emailCIS via the CIS Teams Outages Channel and create a JIRA "ITSEC" ticket providing as many details as possible regarding the reported concern.

Incident Response

Alerting/Discovery

In the event that the incident response occurs during normal CIS operating hours, the full SysAdmin CIS  team – or subset of that team (see “Coordination and Planning” below) – - will be assembled at the discretion of the CIO or senior CIS staff member coordinating incident response.

Data Breach Notification

Due to the high level of financial, legal and institutional impact, incidents involving suspected or actual data breaches require immediate notification of the CIS senior leadership and also the VP of Business and Planning

Incident Reporting: Internal Violations

Initial Response – Preservation/Suspension of Confidentiality

  1. In the event that confidential or protected university resources or assets are being eminently threatened, CIS will take immediate and appropriate action to contain the threat prior to notification of the  individuals/departments noted in 5.B. Such actions constitute a “suspension of confidentiality” on the part of an individual’s access credentials, and may involve immediate denial of university privileges (credentials) and resource access.
  2. In the event that no immediate threat to availability, integrity of confidentiality exists CIS will execute the procedures for reportingprivileged escalation.

Incident Reporting: External Violations

Initial Response

  1. In the event that confidential or protected university resources or assets are being eminently threatened, or where there is evidence that a high-risk exposure to system or resource compromise exists, CIS will take immediate and appropriate action to contain or mitigate the threat.

Incident Control and Reporting Procedures (Internal)

  1. In instances where the incident involves no known compromise to confidential university information, where the threat is minimal and easily contained, response authority shall rest with the CIO and CIS SysAdmin team. At the discretion of the CIO, incident details may be provided to the VP-OBP or president’s cabinet.
  2. In instances where the external violation goes beyond simple nuisance violations, when there is evidence or suspicion of legal or monetary compromises to university resources, the VP-OBP will be notified and authority and coordination of incident response shall move to university counsel or cabinet, or other designee as directed by the CIO or VP-OBP.

Definition of Terms

  • Internal Security Violations
    those in which the offender is a known employee, student, or agent of the university, and as such, subject to the provisions set forth in the Acceptable Use Policy (AUP).
  • External Security Violations 
    those coming from outside the campus network, and/or from sources that are unidentifiable or unaffiliated with Seattle Pacific University.

Related Policies and Procedures