Incident Response Plan - Grayson College
嚜澶rayson College
Incident Response Plan
All printed copies and duplicate soft copies are considered uncontrolled.
The original online version should be referred to for the latest version.
1
Contents
CONTENTS ............................................................................................................................................. 2
ABOUT THIS INCIDENT RESPONSE PLAN ......................................................................................... 4
HISTORY .................................................................................................................................................................................... 4
REVIEW ...................................................................................................................................................................................... 4
1 INTRODUCTION TO THE IRP ............................................................................................................. 5
1.1 SCOPE ................................................................................................................................................................................ 5
1.2 COMPLIANCE ..................................................................................................................................................................... 5
1.3 AUDIENCE .......................................................................................................................................................................... 6
1.4 RESPONSIBILITIES ............................................................................................................................................................. 6
1.5 DEFINITIONS ....................................................................................................................................................................... 8
1.6 TRADEMARKS ................................................................................................................................................................... 10
1.7 DOCUMENTS AND MAINTENANCE ................................................................................................................................. 10
2 INCIDENT RESPONSE TEAM (IRT) ................................................................................................. 11
2.1 OVERVIEW ......................................................................................................................................................................... 11
2.2 IRT RESPONSE CAPABILITIES ........................................................................................................................................ 12
2.3 IRT ROSTER & RESPONSIBILITIES ................................................................................................................................ 12
3 INITIAL REPORTING, CLASSIFICATION, AND RESPONSE ......................................................... 16
3.1 INITIAL REPORTING OF A SECURITY INCIDENT ........................................................................................................... 16
3.2 INITIAL ANALYSIS AND TRIAGE ...................................................................................................................................... 17
3.3 CLASSIFICATION OF A SECURITY INCIDENT ................................................................................................................ 17
3.4 ACTIVATION OF THE SECURITY INCIDENT RESPONSE TEAM ................................................................................... 18
3.5 IRT RESPONSE ASSIGNMENT ........................................................................................................................................ 18
4 RESPONSE PROCEDURES ............................................................................................................. 19
4.1 INITIAL RESPONSE ........................................................................................................................................................... 19
4.2 TIME TRACKING ................................................................................................................................................................ 20
4.3 SITUATION ASSESSMENT ............................................................................................................................................... 20
4.4 EVIDENCE-GATHERING, PROTECTING AND PRESERVING ........................................................................................ 23
4.5 TECHNICAL INVESTIGATIONS ........................................................................................................................................ 24
4.6 COMMUNICATIONS DURING RESPONSE PROCESS.................................................................................................... 24
4.7 INCIDENT RESPONSE ACTIVITY DOCUMENTATION .................................................................................................... 24
4.8 RECOVERY OPERATIONS ............................................................................................................................................... 25
4.9 INCIDENT RESPONSE CHECKLIST ................................................................................................................................. 25
5 INFORMATION PROTECTION .......................................................................................................... 26
6 COORDINATION OF INTERNAL COMMUNICATIONS ................................................................... 27
6.1 INTRA-IRT COMMUNICATIONS ........................................................................................................................................ 27
6.2 NOTIFICATION OF AFFECTED USERS ........................................................................................................................... 27
6.3 NOTIFICATION OF SENIOR MANAGEMENT ................................................................................................................... 27
6.4 INTERNAL COMMUNICATIONS TEMPLATE .................................................................................................................... 27
7 COORDINATION OF EXTERNAL COMMUNICATIONS .................................................................. 28
7.1 DIRECTED TO ORGANIZATIONS TARGETING GRAYSON COLLEGE .......................................................................... 28
7.2 ORGANIZATIONS TARGETED FROM GRAYSON COLLEGE SYSTEMS ....................................................................... 28
7.3 GRAYSON COLLEGE TECHNICAL SERVICE PROVIDERS............................................................................................ 29
7.4 LAW ENFORCEMENT AGENCIES .................................................................................................................................... 29
7.5 THE MEDIA ........................................................................................................................................................................ 29
7.6 LIAISON ACTIVITY ............................................................................................................................................................. 30
7.7 COMPLIANCE WITH BREACH NOTIFICATION OBLIGATIONS ...................................................................................... 30
7.8 EXTERNAL COMMUNICATIONS TEMPLATE .................................................................................................................. 30
8 FINAL FINDINGS REPORT ............................................................................................................... 31
2
APPENDIX A 每 GRAYSON COLLEGES SUPPORTING SECURITY DOCUMENTS ......................... 32
APPENDIX B 每 IRT CURRENT ROSTER ............................................................................................ 33
APPENDIX C 每 INCIDENT DETAILS GATHERING............................................................................. 34
APPENDIX D 每 SECURITY INCIDENT SEVERITY CLASSIFICATIONS ............................................ 36
APPENDIX E 每 INCIDENT RESPONSE CHECKLIST ......................................................................... 38
APPENDIX F 每 FINAL FINDINGS REPORT ........................................................................................ 40
APPENDIX G每 COMMUNICATION TEMPLATES ............................................................................... 43
INSURANCE NOTICE OF LOSS .......................................................................................................... 44
APPENDIX I每 SUGGESTED IRT TRAINING COURSES..................................................................... 45
DOCUMENT ACCEPTANCE ................................................................................................................ 46
3
About This Incident Response Plan
History
Version No.
Issue Date
Status
v1.0
10/15/2020
Draft
Reason for Change
Review
Reviewer*s Details
Version No.
4
Date
1 Introduction to the Incident Response Plan
The Incident Response Plan (※IRP§) is intended to provide an organized, well-defined approach for
responding to critical Security Incidents affecting Grayson College*s electronic information assets.
This Incident Response Plan shall be implemented by the College*s Incident Response Team, which
consists of a group of designated Grayson College employees tasked with the responsibility of
responding to critical Security Incidents, including ensuring remediation of the Security Incident and
recommending controls to prevent further Security Incidents from reoccurrence. The Grayson College
Incident Response Team shall utilize this plan to assess the significance of an incident based on the
operations impact on the affected resources and the current and potential technical effect of the
incident (e.g., loss of revenue, productivity, access to services, reputation, unauthorized disclosure of
confidential information, or propagation to other networks).
1.1 Scope
All authorized users have an interest in the security of college resources at Grayson College, and
share in the responsibility for protection of those resources, prevention of problems, and incident
detection and response. This IRP covers the response to critical Security Incidents that threaten the
confidentiality, integrity, and availability of Grayson Colleges electronic information assets, as well as
Grayson Colleges systems, networks, and media that collect, process, store, and deliver such
information. It applies to critical Information Security incidents of all types and is applicable to
employees, contractors, vendors, and other persons and/or organizations that perform technology
functions in support of the College, including systems, network, desktop, and applications. Grayson
College*s Written Information Security Program, Information Handling, Backup and Retention
Standard, and Business Continuity & Disaster Recovery Policy apply to this process.
1.2 Compliance
Failure to comply with the requirements in this process is grounds for disciplinary action, up to and
including termination of employment, cancellation of consultancy or contractor arrangement,
termination of business contract, civil action and/or criminal prosecution. In cases where there is a
conflict between this process and other Information Security Policies and Procedures, the more
stringent requirement applies. Every attempt should be made to follow the Incident Response
process.
5
................
................
In order to avoid copyright disputes, this page is only a partial summary.
To fulfill the demand for quickly locating and searching documents.
It is intelligent file search solution for home and business.
Related download
- computer security incident response plan cmu
- state of oregon information security incident response plan
- incident response plan
- information security incident response plan oregon
- example incident response plan michigan
- security and privacy incident response plan
- incident response plan introduction scope
- hud breach notification response plan
- incident response template
- incident response plan template
Related searches
- 529 college savings plan ohio
- starling elementary grayson ga
- ohio college savings plan 529
- blackrock college advantage plan 529
- marketing plan ideas college project
- 529 college savings plan blackrock
- 529 college savings plan ohio blackrock
- 529 college savings plan calculator
- 529 college savings plan grandparents
- college advantage plan 529
- 529 college savings plan advantages
- 529 direct college plan ohio