Incident Response Plan - Grayson College

Grayson College Incident Response Plan

All printed copies and duplicate soft copies are considered uncontrolled. The original online version should be referred to for the latest version.


Contents

CONTENTS
ABOUT THIS INCIDENT RESPONSE PLAN
    HISTORY
    REVIEW
1 INTRODUCTION TO THE IRP
    1.1 SCOPE
    1.2 COMPLIANCE
    1.3 AUDIENCE
    1.4 RESPONSIBILITIES
    1.5 DEFINITIONS
    1.6 TRADEMARKS
    1.7 DOCUMENTS AND MAINTENANCE
2 INCIDENT RESPONSE TEAM (IRT)
    2.1 OVERVIEW
    2.2 IRT RESPONSE CAPABILITIES
    2.3 IRT ROSTER & RESPONSIBILITIES
3 INITIAL REPORTING, CLASSIFICATION, AND RESPONSE
    3.1 INITIAL REPORTING OF A SECURITY INCIDENT
    3.2 INITIAL ANALYSIS AND TRIAGE
    3.3 CLASSIFICATION OF A SECURITY INCIDENT
    3.4 ACTIVATION OF THE SECURITY INCIDENT RESPONSE TEAM
    3.5 IRT RESPONSE ASSIGNMENT
4 RESPONSE PROCEDURES
    4.1 INITIAL RESPONSE
    4.2 TIME TRACKING
    4.3 SITUATION ASSESSMENT
    4.4 EVIDENCE-GATHERING, PROTECTING AND PRESERVING
    4.5 TECHNICAL INVESTIGATIONS
    4.6 COMMUNICATIONS DURING RESPONSE PROCESS
    4.7 INCIDENT RESPONSE ACTIVITY DOCUMENTATION
    4.8 RECOVERY OPERATIONS
    4.9 INCIDENT RESPONSE CHECKLIST
5 INFORMATION PROTECTION
6 COORDINATION OF INTERNAL COMMUNICATIONS
    6.1 INTRA-IRT COMMUNICATIONS
    6.2 NOTIFICATION OF AFFECTED USERS
    6.3 NOTIFICATION OF SENIOR MANAGEMENT
    6.4 INTERNAL COMMUNICATIONS TEMPLATE
7 COORDINATION OF EXTERNAL COMMUNICATIONS
    7.1 DIRECTED TO ORGANIZATIONS TARGETING GRAYSON COLLEGE
    7.2 ORGANIZATIONS TARGETED FROM GRAYSON COLLEGE SYSTEMS
    7.3 GRAYSON COLLEGE TECHNICAL SERVICE PROVIDERS
    7.4 LAW ENFORCEMENT AGENCIES
    7.5 THE MEDIA
    7.6 LIAISON ACTIVITY
    7.7 COMPLIANCE WITH BREACH NOTIFICATION OBLIGATIONS
    7.8 EXTERNAL COMMUNICATIONS TEMPLATE
8 FINAL FINDINGS REPORT
APPENDIX A - GRAYSON COLLEGE'S SUPPORTING SECURITY DOCUMENTS
APPENDIX B - IRT CURRENT ROSTER
APPENDIX C - INCIDENT DETAILS GATHERING
APPENDIX D - SECURITY INCIDENT SEVERITY CLASSIFICATIONS
APPENDIX E - INCIDENT RESPONSE CHECKLIST
APPENDIX F - FINAL FINDINGS REPORT
APPENDIX G - COMMUNICATION TEMPLATES
INSURANCE NOTICE OF LOSS
APPENDIX I - SUGGESTED IRT TRAINING COURSES
DOCUMENT ACCEPTANCE


About This Incident Response Plan

History

Version No.: v1.0
Issue Date: 10/15/2020
Status: Draft
Reason for Change:

Review

Reviewer's Details    Version No.    Date


1 Introduction to the Incident Response Plan

The Incident Response Plan ("IRP") is intended to provide an organized, well-defined approach for responding to critical Security Incidents affecting Grayson College's electronic information assets. This Incident Response Plan shall be implemented by the College's Incident Response Team, which consists of a group of designated Grayson College employees tasked with the responsibility of responding to critical Security Incidents, including ensuring remediation of the Security Incident and recommending controls to prevent Security Incidents from recurring. The Grayson College Incident Response Team shall utilize this plan to assess the significance of an incident based on the operational impact on the affected resources and the current and potential technical effect of the incident (e.g., loss of revenue, productivity, access to services, reputation, unauthorized disclosure of confidential information, or propagation to other networks).

1.1 Scope

All authorized users have an interest in the security of college resources at Grayson College, and share in the responsibility for protection of those resources, prevention of problems, and incident detection and response. This IRP covers the response to critical Security Incidents that threaten the confidentiality, integrity, and availability of Grayson College's electronic information assets, as well as Grayson College's systems, networks, and media that collect, process, store, and deliver such information. It applies to critical Information Security incidents of all types and is applicable to employees, contractors, vendors, and other persons and/or organizations that perform technology functions in support of the College, including systems, network, desktop, and applications. Grayson College's Written Information Security Program, Information Handling, Backup and Retention Standard, and Business Continuity & Disaster Recovery Policy apply to this process.

1.2 Compliance

Failure to comply with the requirements in this process is grounds for disciplinary action, up to and including termination of employment, cancellation of consultancy or contractor arrangement, termination of business contract, civil action and/or criminal prosecution. In cases where there is a conflict between this process and other Information Security Policies and Procedures, the more stringent requirement applies. Every attempt should be made to follow the Incident Response process.

