资讯安全事件回应

1. 目的

The purpose of this policy is to clearly define roles and responsibilities for the reporting, investigation and response of computer security incidents and data breaches.

2. 适用性

All members of the University community are responsible for promptly reporting any suspected or confirmed security incident involving 十大玩彩信誉平台 data or an associated information system, 即使他们在某种程度上对事件或事件有所贡献. Members of the University community must cooperate and assist with incident investigations and encourage their staff and others to report an incident and cooperate with an investigation.

3. 定义

美国数据: 包括, 但不限于, 以下:人事资料, 学生资料(FERPA), credit card/payment data as defined by the Payment Card Industry Data Security Standards (PCI DSS), protected health information (PHI) as defined by the Health Insurance Portability and Accountability Act (HIPAA) regulation, 和受控非机密信息(CUI).

4. 政策指导方针

The 十大玩彩信誉平台's Cyber Risk Team (CRT) was formed to review and enhance the University’s information security programs. The CRT investigates security events to determine whether an incident has occurred, 在多大程度上, 事故的原因和损害. The CRT is composed of a diverse team of University staff from various departments.

CRT指导恢复, containment and remediation of security incidents and may authorize and expedite changes to information systems necessary to do so. The CRT coordinates response with external parties when existing agreements place responsibility for incident investigations on the external party.

在进行安全事件调查期间, the CRT is authorized to monitor relevant USA IT resources and retrieve communications and other relevant records of specific users of USA IT resources, including login session data and the content of individual communications without notice or further approval.

Any external disclosure of information regarding information security incidents must be reviewed and approved by the Office of General Counsel.

CRT与执法部门协调, 政府机构, peer CRTs and relevant Information Sharing and Analysis Centers (ISACs) in the identification and investigation of security incidents. The CRT may share threat and incident information with these organizations that does not identify any member of the South Alabama community.

此策略适用于信息系统, 无论所有权或位置如何, 用于存储, 过程, 传输或访问美国数据以及所有人员，包括员工, 学生, 临时工, 承包商, those employed by contracted entities and others authorized to access USA enterprise assets and information resources.

5. 程序

所有可疑的信息安全事件都必须报告. The following courses of action need to be taken in the event of discovering an information security incident:

5.1 If the incident involves Protected Health Information (PHI) in electronic or paper form:

- Call USA Chief HIPAA Compliance Officer at (251) 470-5802 or the Office of Compliance at (251) 460-7115.

5.2 For all other incidents, notify your departmental IT Contact and/or the CSC Help Desk (6-6161). The IT Contact or Help desk will also notify the Information Security Department of any suspected IS incident by calling (251) 460-6161 and/or sending email to infosec@oh9988.com. 强烈建议打个电话. 如事故涉及:

- 无意的释放, 曝光, 或者泄露机密数据, the loss or compromise of portable computing devices or removable media containing sensitive data, or the discovery of unauthorized access to sensitive data on a computer or data storage device;
- The use of USA computing resources in the commission of fraudulent activities;
- 用于处理或存储受控非机密信息(CUI)的系统.

5.3 如果可疑事件涉及以下任何一项, 信息安全部门还将努力报告:

- 信用卡或借记卡账户信息, 通知税务会计办公室, (251) 414-8297, 并与PCI协调员交谈;
- Notify USA Chief HIPAA Compliance Officer at (251) 470-5802 or the Office of Compliance at (251) 460-7115;
- Fraudulent activity committed using USA computing resources; notify the Department of Internal Audit at (251) 460-7087;
- Criminal activity committed using USA computing resources; notify the USA Police Department at (251) 460-6312;
- Controlled Unclassified Information (CUI) related incident (systems and/or data), 导演, IT风险与合规电话251-460-7994;
- FERPA does not require data breach disclosure but The University Registrar Office should be contacted.

When a subpoena or court order is issued pursuant to any investigation related to information technology the USA Office of General Counsel must be notified and will direct the actions to be taken. University Police and Office of General Counsel will serve as liaison with all external law enforcement agencies (FBI, 其他联邦, 状态, (本地)进行所有资讯科技保安调查.

大学鼓励利益相关者报告其他关注的问题, 涉嫌违规, or criminal activity to their supervisor or other campus entities as appropriate. Departmental IT Contacts are responsible for dissemination of this policy to their departments. The Cyber Response Team (CRT) is responsible for responding to High Severity incidents according to established procedures. The Director of Information Security is responsible for coordinating the CRT and augments staff with subject matter experts as necessary.

6. 执行

Any USA employee found to have intentionally violated this policy or mislead an incident response investigation will be subject to disciplinary action up to and including loss of employment.

7. 相关文档

不适用.