Security Incident Reporting Procedures
PPD-0388
Purpose
The purpose of this document is to identify steps and procedures to respond to suspected or known breaches in IT security safeguards. This policy is coordinated with the William & Mary IT Security breach policy, as referenced below.
IT Security Response Team
An IT Security Response Team is established, consisting of the VIMS ISO and the appropriate System Administrator(s) and Data Owner(s) of the system in question.
General IT System Security Incident Procedures
Information security events, incidents, and weaknesses (including “near-misses”) should be promptly reported and properly managed.
Reporting - All VIMS Information Technology users should report suspected incidents immediately to a member of the ITNS staff. ITNS staff shall evaluate incidents and report them to the Director of ITNS for subsequent handling by the Response Team.
The VIMS Incident Response Team will evaluate incidents and take action within the following W&M Incident Response guidelines:
| | Scope | Impact | Severity | Response |
|---|---|---|---|---|
| High | 100 or more individuals affected | Affects a critical system supporting essential functions of the Institute or University | Breach of sensitive data or evidence of a significant system compromise | See W&M InfoSec procedures at the link below. |
| Medium | 10 < 100 individuals affected | Affects an isolated function of the University but does not disrupt essential operations | Breach of protected data or evidence of a compromised account | See W&M InfoSec procedures at the link below. |
| Low | Less than 10 individuals affected | Affects a non-critical function of the University and does not disrupt any operations | No breach of sensitive protected data or evidence of a compromised account | For a ‘Low’ level incident, the VIMS Information Security Team will manage the incident. |
Action taken by the VIMS Response Team within the above guidelines shall be consistent with William & Mary (W&M) incident reporting and disciplinary policies as defined in the W&M ‘Information Security Incident Reporting and Response Policy and Procedures’ page, maintained by the W&M IT Security Office.