January 10, 2019
Executive Director, Gallaudet Technology Services
The following policy details the Gallaudet Technology Services (GTS) Incident Response Framework that governs how GTS responds to major IT security incidents on campus.
The following table defines the roles and responsibilities of Incident Response Framework stakeholders and participants who form the Incident Response Team that responds to computer security incidents:
|GTS Info Security||GTS Information Security and Networks office employs security administrators who maintain network security, monitor network activity, perform vulnerability scans of host systems and respond to identified and reported incidents.|
|Data Center Unit||The GTS Data Center unit is responsible for operating systems and patches on servers in the Edward Miner Gallaudet building or Benson Data Center. In some cases, the system owner is responsible for any applications residing on the machine. Often times the Data Center Unit, system owner, and GTS Security work together to application security issues and problems.|
|Support Provider||A Support Provider is any employee that provides end user workstation or application support including Computer Support Services (CSS) and IT Service Desk employees Additionally, any Gallaudet University employee tasked with providing department-specific end user support can be considered a support provider.|
|User||Users are often on the front line of reporting IT security incidents because they can report it directly to the Executive Director of GTS. The Director then interviews the user directly about the IT security incident they are reporting.|
Information Security at Gallaudet University is a team effort with GTS Information Security and system owners both actively involved and responsible for the overall health, security and functionality of the Gallaudet University hosts and services.
GTS Information Security is responsible for overall network health, security and functionality. They continuously monitor connections to the internal, external and wireless networks and review them daily in accordance with established log retention and management protocols.
Upon the identification of a potential or confirmed vulnerability, GTS Information Security takes action to define a scope and impact of the incident and inform the Executive Director of GTS and the GTS Information Security Officer (ISO), as well as the System Owner and Support Providers as appropriate and necessary. The Manager of the Office of Risk Management should also be informed in cases of confirmed vulnerabilities. For the purposes of this framework and procedures, system owners are defined to include both Data Stewards (those responsible for the data in the system) and Data Custodians (those responsible for administrating the system in which the data resides).
The System Owner monitors and reviews access to and utilization of system functions in accordance with established log retention and management protocols. Upon detection of a realized or potential security incident, the System Owner will take action to define the scope and impact of the incident and notify the Executive Director of GTS and the GTS Information Security Officer (ISO). If the incident has potentially jeopardized the security of confidential, proprietary or sensitive University data, the Incident Response Team convenes.
Support Providers are responsible for identifying end-user workstation security risks and incidents. Upon confirmation of a security incident, the Service Provider will inform the GTS Security team and Director of Network Operations. Such incidents include, but are not limited to, viruses, worms, denial of service attacks, local attacks or and realized or potential disclosure or loss of confidential, proprietary or sensitive University data.
Users are responsible for the appropriate use of services and maintenance of data that they have been authorized to access to include the proper handling, storage and dissemination of confidential, proprietary and sensitive University information. In the event that locally stored data is misplaced or improperly distributed to unauthorized audiences, users must inform their manager, GTS Information Security Officer and Executive Director of GTS immediately. If a User detects a suspected or realized Computer Security Incident, they will report this situation to their Support Provider or department manager for escalation.
Upon report of a Information Security incident, GTS Information Security Officer (ISO) and System Owners and other needed GTS personnel will convene to assess, investigate, mitigate and ultimately remediate the security vulnerability.
In the event of a Data Security Incident, the GTS Information Security Officer (ISO) convenes the Incident Response Team with the Executive Director of GTS and representatives from the affected University departments to coordinate response actions and communications with the parties affected by the loss or dissemination of this data.
The Incident Response Team, and/or the Executive Director of GTS and GTS Information Security Officer (ISO) will consult with appropriate individuals as deemed necessary, including the University legal team, or law enforcement personnel when the need surfaces.
The Incident Response Team prioritizes the incident based upon the realized or potential threat and impact to Gallaudet University systems, services or data in the following order:
The Incident Response Team documents all reported security incidents, findings and remediation actions with GTS Information Security producing an annual summary of security incidents.
Last Reviewed: 11/04/2019