Incident Response Plan - Grayson College
Grayson College Incident Response Plan
All printed copies and duplicate soft copies are considered uncontrolled. The original online version should be referred to for the latest version.
1
Contents
CONTENTS ............................................................................................................................................. 2 ABOUT THIS INCIDENT RESPONSE PLAN ......................................................................................... 4
HISTORY .................................................................................................................................................................................... 4 REVIEW ...................................................................................................................................................................................... 4
1 INTRODUCTION TO THE IRP ............................................................................................................. 5
1.1 SCOPE ................................................................................................................................................................................ 5 1.2 COMPLIANCE ..................................................................................................................................................................... 5 1.3 AUDIENCE .......................................................................................................................................................................... 6 1.4 RESPONSIBILITIES ............................................................................................................................................................. 6 1.5 DEFINITIONS ....................................................................................................................................................................... 8 1.6 TRADEMARKS ................................................................................................................................................................... 10 1.7 DOCUMENTS AND MAINTENANCE ................................................................................................................................. 10
2 INCIDENT RESPONSE TEAM (IRT) ................................................................................................. 11
2.1 OVERVIEW......................................................................................................................................................................... 11 2.2 IRT RESPONSE CAPABILITIES ........................................................................................................................................ 12 2.3 IRT ROSTER & RESPONSIBILITIES ................................................................................................................................ 12
3 INITIAL REPORTING, CLASSIFICATION, AND RESPONSE ......................................................... 16
3.1 INITIAL REPORTING OF A SECURITY INCIDENT........................................................................................................... 16 3.2 INITIAL ANALYSIS AND TRIAGE ...................................................................................................................................... 17 3.3 CLASSIFICATION OF A SECURITY INCIDENT ................................................................................................................ 17 3.4 ACTIVATION OF THE SECURITY INCIDENT RESPONSE TEAM ................................................................................... 18 3.5 IRT RESPONSE ASSIGNMENT ........................................................................................................................................ 18
4 RESPONSE PROCEDURES ............................................................................................................. 19
4.1 INITIAL RESPONSE ........................................................................................................................................................... 19 4.2 TIME TRACKING ................................................................................................................................................................ 20 4.3 SITUATION ASSESSMENT ............................................................................................................................................... 20 4.4 EVIDENCE-GATHERING, PROTECTING AND PRESERVING ........................................................................................ 23 4.5 TECHNICAL INVESTIGATIONS ........................................................................................................................................ 24 4.6 COMMUNICATIONS DURING RESPONSE PROCESS.................................................................................................... 24 4.7 INCIDENT RESPONSE ACTIVITY DOCUMENTATION .................................................................................................... 24 4.8 RECOVERY OPERATIONS ............................................................................................................................................... 25 4.9 INCIDENT RESPONSE CHECKLIST ................................................................................................................................. 25
5 INFORMATION PROTECTION .......................................................................................................... 26 6 COORDINATION OF INTERNAL COMMUNICATIONS ................................................................... 27
6.1 INTRA-IRT COMMUNICATIONS........................................................................................................................................ 27 6.2 NOTIFICATION OF AFFECTED USERS ........................................................................................................................... 27 6.3 NOTIFICATION OF SENIOR MANAGEMENT ................................................................................................................... 27 6.4 INTERNAL COMMUNICATIONS TEMPLATE.................................................................................................................... 27
7 COORDINATION OF EXTERNAL COMMUNICATIONS .................................................................. 28
7.1 DIRECTED TO ORGANIZATIONS TARGETING GRAYSON COLLEGE.......................................................................... 28 7.2 ORGANIZATIONS TARGETED FROM GRAYSON COLLEGE SYSTEMS....................................................................... 28 7.3 GRAYSON COLLEGE TECHNICAL SERVICE PROVIDERS............................................................................................ 29 7.4 LAW ENFORCEMENT AGENCIES .................................................................................................................................... 29 7.5 THE MEDIA ........................................................................................................................................................................ 29 7.6 LIAISON ACTIVITY............................................................................................................................................................. 30 7.7 COMPLIANCE WITH BREACH NOTIFICATION OBLIGATIONS ...................................................................................... 30 7.8 EXTERNAL COMMUNICATIONS TEMPLATE .................................................................................................................. 30
8 FINAL FINDINGS REPORT ............................................................................................................... 31
2
APPENDIX A ? GRAYSON COLLEGES SUPPORTING SECURITY DOCUMENTS ......................... 32 APPENDIX B ? IRT CURRENT ROSTER ............................................................................................ 33 APPENDIX C ? INCIDENT DETAILS GATHERING............................................................................. 34 APPENDIX D ? SECURITY INCIDENT SEVERITY CLASSIFICATIONS............................................ 36 APPENDIX E ? INCIDENT RESPONSE CHECKLIST ......................................................................... 38 APPENDIX F ? FINAL FINDINGS REPORT ........................................................................................ 40 APPENDIX G? COMMUNICATION TEMPLATES ............................................................................... 43 INSURANCE NOTICE OF LOSS .......................................................................................................... 44 APPENDIX I? SUGGESTED IRT TRAINING COURSES..................................................................... 45 DOCUMENT ACCEPTANCE ................................................................................................................ 46
3
About This Incident Response Plan
History
Version No. v1.0
Issue Date 10/15/2020
Status Draft
Reason for Change
Review
Reviewer's Details
Version No. Date
4
1 Introduction to the Incident Response Plan
The Incident Response Plan ("IRP") is intended to provide an organized, well-defined approach for responding to critical Security Incidents affecting Grayson College's electronic information assets. This Incident Response Plan shall be implemented by the College's Incident Response Team, which consists of a group of designated Grayson College employees tasked with the responsibility of responding to critical Security Incidents, including ensuring remediation of the Security Incident and recommending controls to prevent further Security Incidents from reoccurrence. The Grayson College Incident Response Team shall utilize this plan to assess the significance of an incident based on the operations impact on the affected resources and the current and potential technical effect of the incident (e.g., loss of revenue, productivity, access to services, reputation, unauthorized disclosure of confidential information, or propagation to other networks).
1.1 Scope
All authorized users have an interest in the security of college resources at Grayson College, and share in the responsibility for protection of those resources, prevention of problems, and incident detection and response. This IRP covers the response to critical Security Incidents that threaten the confidentiality, integrity, and availability of Grayson Colleges electronic information assets, as well as Grayson Colleges systems, networks, and media that collect, process, store, and deliver such information. It applies to critical Information Security incidents of all types and is applicable to employees, contractors, vendors, and other persons and/or organizations that perform technology functions in support of the College, including systems, network, desktop, and applications. Grayson College's Written Information Security Program, Information Handling, Backup and Retention Standard, and Business Continuity & Disaster Recovery Policy apply to this process.
1.2 Compliance
Failure to comply with the requirements in this process is grounds for disciplinary action, up to and including termination of employment, cancellation of consultancy or contractor arrangement, termination of business contract, civil action and/or criminal prosecution. In cases where there is a conflict between this process and other Information Security Policies and Procedures, the more stringent requirement applies. Every attempt should be made to follow the Incident Response process.
5
................
................
In order to avoid copyright disputes, this page is only a partial summary.
To fulfill the demand for quickly locating and searching documents.
It is intelligent file search solution for home and business.
Related download
- computer security incident response plan cmu
- state of oregon information security incident response plan
- incident response plan
- information security incident response plan oregon
- example incident response plan michigan
- security and privacy incident response plan
- incident response plan introduction scope
- hud breach notification response plan
- incident response template
- incident response plan template
Related searches
- 529 college savings plan ohio
- starling elementary grayson ga
- ohio college savings plan 529
- blackrock college advantage plan 529
- marketing plan ideas college project
- 529 college savings plan blackrock
- 529 college savings plan ohio blackrock
- 529 college savings plan calculator
- 529 college savings plan grandparents
- college advantage plan 529
- 529 college savings plan advantages
- 529 direct college plan ohio