Security Incident Reporting Procedures

PPD-0388

Purpose

The purpose of this document is to identify steps and procedures to respond to suspected or known breaches in IT security safeguards.  This policy is coordinated with the William & Mary IT Security breach policy, as referenced below.

IT Security Response Team

An IT Security Response Team is established, consisting of the VIMS ISO and the appropriate System Administrator(s) and Data Owner(s) of the system in question.

General IT System Security Incident Procedures

Information security events, incidents, and weaknesses (including “near-misses”) should be promptly reported and properly managed.

Reporting - All VIMS Information Technology users should report suspected incidents immediately to a member of the ITNS staff.  ITNS staff shall evaluate incidents and report them to the Director of ITNS for subsequent handling by the Response Team.

The VIMS Incident Response Team will evaluate incidents and take action within the following W&M Incident Response guidelines:

| Level | Scope | Impact | Severity | Response |
|---|---|---|---|---|
| High | 100 or more individuals affected | Affects a critical system supporting essential functions of the Institute or University | Breach of sensitive data or evidence of a significant system compromise | See W&M InfoSec procedures at the link below. |
| Medium | 10 < 100 individuals affected | Affects an isolated function of the University but does not disrupt essential operations | Breach of protected data or evidence of a compromised account | See W&M InfoSec procedures at the link below. |
| Low | Fewer than 10 individuals affected | Affects a non-critical function of the University and does not disrupt any operations | No breach of sensitive protected data or evidence of a compromised account | For a ‘Low’ level incident, the VIMS Information Security Team will manage the incident. |

Action taken by the VIMS Response Team within the above guidelines shall be consistent with William & Mary (W&M) incident reporting and disciplinary policies as defined in the W&M ‘Information Security Incident Reporting and Response Policy and Procedures’ page, maintained by the W&M IT Security Office.