URP: I.19.h Information Security Incident Response


STATEMENT OF PURPOSE
This document serves to establish information security incident response regulations and procedures. The purpose of these regulations and procedures is to improve Texas Woman's University’s (TWU) capability to identify, respond to, and manage information security incidents, which may occur across the university environment.
DEFINITIONS
Cyber Forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law.
Security Incident is the act of violating an explicit or implied security regulation.
Incidents include but are not limited to:
• attempts (either failed or successful) to gain unauthorized access to an information system or its data
• unwanted disruption or denial of service
• the unauthorized use of an information system for the processing or storage of data
• changes to information system hardware, firmware, or software characteristics without the owner's knowledge, instruction, or consent
SCOPE
These regulations and procedures apply to all information resources owned or operated by TWU. All users are responsible for adhering to this policy. If needed or appropriate, information regarding roles, responsibilities, management commitment, and coordination among organizational entities is embedded within these procedures.
REGULATIONS AND PROCEDURES
The State of Texas has chosen to adopt the incident management principles established in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-61 “Computer Security Incident Handling Guide”. The following subsections outline the incident management standards that constitute TWU’s regulations and procedures.
IR-1 Incident Response:
 Regulations:
▪ TWU must develop, adopt or adhere to formal incident management regulations and procedures that address purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.
 Procedures:
▪ The Office of Technology (OOT) will maintain regulations and procedures for formal incident management that address purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.
IR-4 Incident Handling:
 Regulations:
▪ TWU must develop, adhere to or adopt incident handling capabilities for security incidents that include preparation, detection and analysis, containment, eradication, and recovery.
 Procedures:
▪ OOT maintains a document entitled “Texas Woman’s University Incident Response Plan” (TWUIRP) which outlines the reporting, escalation, handling, and documentation of incidents. The TWUIRP is updated with new information and processes based on testing, usage, and feedback.
▪ OOT Security Team also reports all incident data on a monthly basis to the Texas Department of Information Resources (DIR) through the online DIR Archer reporting system.
IR-5 Incident Monitoring:
 Regulations:
▪ TWU must develop, adhere to or adopt incident monitoring processes which track and document information asset security incidents on an ongoing basis.
 Procedures:
▪ OOT Security Team tracks and records security incidents using several methods including but not limited to incidents reported through the service request system, antivirus systems, and network security systems.
IR-6 Incident Reporting:
 Regulations:
▪ Users that discover a suspected security incident must report the incident immediately.
 Procedures:
▪ All information system users must report a suspected security incident to the Service Desk by phone at 940-898-3971, by email at servicedesk@twu.edu, or through the service request system.
IR-8 Incident Response Plan:
 Regulations:
▪ TWU must develop an incident response plan that:
• Provides the university with a roadmap for implementing its incident response capability;
• Describes the structure and organization of the incident response capability;
• Provides a high-level approach for how the incident response capability fits into the overall university;
• Meets the unique requirements of the university, which relate to mission, size, structure, and functions;
• Defines reportable incidents;
• Provides metrics for measuring the incident response capability within the university;
• Defines the resources and management support needed to effectively maintain and mature an incident response capability.
▪ The TWUIRP must be reviewed, updated, approved and securely communicated to the appropriate individuals.
 Procedures:
▪ OOT maintains a TWUIRP that:
• Provides the university with a roadmap for implementing its incident response capability;
• Describes the structure and organization of the incident response capability;
• Provides a high-level approach for how the incident response capability fits into the overall university;
• Meets the unique requirements of the university, which relate to mission, size, structure, and functions;
• Defines reportable incidents;
• Provides metrics for measuring the incident response capability within the university;
• Defines the resources and management support needed to effectively maintain and mature an incident response capability.
▪ OOT TWUIRP is created, maintained and tested by the OOT Security Team annually.
▪ OOT TWUIRP is reviewed and updated by the Information Security Officer (ISO) annually.
▪ OOT TWUIRP is approved by the Chief Information Officer (CIO) annually.
APPLICABILITY
TWU Students, Faculty, Staff, and Guests
COMPLIANCE
Violation of this policy may result in disciplinary action, which may include termination for employees and temporaries; a termination of employment relations in the case of contractors or consultants; termination of access; legal action; termination for interns and volunteers; disciplinary review; suspension or expulsion (in the case of a student).
SPECIAL NOTES
Department of Information Resources Security Standards Catalog
http://publishingext.dir.texas.gov/portal/internal/resources/DocumentLibrary/Security%20Control%20Standards%20Catalog.pdf
DIR Archer reporting system
https://egrc.archer.rsa.com/Default.aspx

Owner:
Associate Provost for Technology

Details

Article ID: 56376
Created: Fri 6/22/18 10:47 AM
Modified: Mon 3/25/19 11:17 AM