Incident Response Plan - Grayson College

Grayson College

Incident Response Plan

All printed copies and duplicate soft copies are considered uncontrolled.

The original online version should be referred to for the latest version.

Contents

CONTENTS

ABOUT THIS INCIDENT RESPONSE PLAN
    HISTORY
    REVIEW

1 INTRODUCTION TO THE IRP
    1.1 SCOPE
    1.2 COMPLIANCE
    1.3 AUDIENCE
    1.4 RESPONSIBILITIES
    1.5 DEFINITIONS
    1.6 TRADEMARKS
    1.7 DOCUMENTS AND MAINTENANCE

2 INCIDENT RESPONSE TEAM (IRT)
    2.1 OVERVIEW
    2.2 IRT RESPONSE CAPABILITIES
    2.3 IRT ROSTER & RESPONSIBILITIES

3 INITIAL REPORTING, CLASSIFICATION, AND RESPONSE
    3.1 INITIAL REPORTING OF A SECURITY INCIDENT
    3.2 INITIAL ANALYSIS AND TRIAGE
    3.3 CLASSIFICATION OF A SECURITY INCIDENT
    3.4 ACTIVATION OF THE SECURITY INCIDENT RESPONSE TEAM
    3.5 IRT RESPONSE ASSIGNMENT

4 RESPONSE PROCEDURES
    4.1 INITIAL RESPONSE
    4.2 TIME TRACKING
    4.3 SITUATION ASSESSMENT
    4.4 EVIDENCE-GATHERING, PROTECTING AND PRESERVING
    4.5 TECHNICAL INVESTIGATIONS
    4.6 COMMUNICATIONS DURING RESPONSE PROCESS
    4.7 INCIDENT RESPONSE ACTIVITY DOCUMENTATION
    4.8 RECOVERY OPERATIONS
    4.9 INCIDENT RESPONSE CHECKLIST

5 INFORMATION PROTECTION

6 COORDINATION OF INTERNAL COMMUNICATIONS
    6.1 INTRA-IRT COMMUNICATIONS
    6.2 NOTIFICATION OF AFFECTED USERS
    6.3 NOTIFICATION OF SENIOR MANAGEMENT
    6.4 INTERNAL COMMUNICATIONS TEMPLATE

7 COORDINATION OF EXTERNAL COMMUNICATIONS
    7.1 DIRECTED TO ORGANIZATIONS TARGETING GRAYSON COLLEGE
    7.2 ORGANIZATIONS TARGETED FROM GRAYSON COLLEGE SYSTEMS
    7.3 GRAYSON COLLEGE TECHNICAL SERVICE PROVIDERS
    7.4 LAW ENFORCEMENT AGENCIES
    7.5 THE MEDIA
    7.6 LIAISON ACTIVITY
    7.7 COMPLIANCE WITH BREACH NOTIFICATION OBLIGATIONS
    7.8 EXTERNAL COMMUNICATIONS TEMPLATE

8 FINAL FINDINGS REPORT

APPENDIX A – GRAYSON COLLEGE'S SUPPORTING SECURITY DOCUMENTS
APPENDIX B – IRT CURRENT ROSTER
APPENDIX C – INCIDENT DETAILS GATHERING
APPENDIX D – SECURITY INCIDENT SEVERITY CLASSIFICATIONS
APPENDIX E – INCIDENT RESPONSE CHECKLIST
APPENDIX F – FINAL FINDINGS REPORT
APPENDIX G – COMMUNICATION TEMPLATES
INSURANCE NOTICE OF LOSS
APPENDIX I – SUGGESTED IRT TRAINING COURSES

DOCUMENT ACCEPTANCE

About This Incident Response Plan

History

Version No. | Issue Date | Status | Reason for Change
v1.0 | 10/15/2020 | Draft |

Review

Reviewer's Details | Version No. | Date

1 Introduction to the Incident Response Plan

The Incident Response Plan ("IRP") is intended to provide an organized, well-defined approach for responding to critical Security Incidents affecting Grayson College's electronic information assets. This Incident Response Plan shall be implemented by the College's Incident Response Team, which consists of a group of designated Grayson College employees tasked with the responsibility of responding to critical Security Incidents, including ensuring remediation of the Security Incident and recommending controls to prevent Security Incidents from recurring. The Grayson College Incident Response Team shall utilize this plan to assess the significance of an incident based on the operational impact on the affected resources and the current and potential technical effect of the incident (e.g., loss of revenue, productivity, access to services, reputation, unauthorized disclosure of confidential information, or propagation to other networks).

1.1 Scope

All authorized users have an interest in the security of college resources at Grayson College, and share in the responsibility for protection of those resources, prevention of problems, and incident detection and response. This IRP covers the response to critical Security Incidents that threaten the confidentiality, integrity, and availability of Grayson College's electronic information assets, as well as Grayson College's systems, networks, and media that collect, process, store, and deliver such information. It applies to critical Information Security incidents of all types and is applicable to employees, contractors, vendors, and other persons and/or organizations that perform technology functions in support of the College, including systems, network, desktop, and applications. Grayson College's Written Information Security Program, Information Handling, Backup and Retention Standard, and Business Continuity & Disaster Recovery Policy apply to this process.

1.2 Compliance

Failure to comply with the requirements in this process is grounds for disciplinary action, up to and including termination of employment, cancellation of consultancy or contractor arrangement, termination of business contract, civil action and/or criminal prosecution. In cases where there is a conflict between this process and other Information Security Policies and Procedures, the more stringent requirement applies. Every attempt should be made to follow the Incident Response process.
