rnd_border

Information Security Incident Response Policy

Purpose:

According to Texas Senate Bill 122 Section 48.102 the university "shall implement and maintain reasonable procedures, including taking any appropriate corrective action, to protect and safeguard from unlawful use or disclosure of any sensitive personal information collected or maintained in the regular course of business." The purpose of this policy is to provide the basis of appropriate response to incidents that threaten the confidentiality, integrity, and availability of university digital assets, information systems, and the networks that deliver the information.

Scope:

The Information Security Incident Response Policy applies to all users of the Trinity computing network.

Policy:

Intrusion attempts, security breaches, theft or loss of hardware and other security related incidents perpetrated against the University must be reported to Information Technology Services. Anyone with knowledge or a reasonable suspicion of an incident which violates the confidentiality, integrity, or availability of digital information will make an immediate report to the following e-mail address infosec@trinity.edu. Upon notification of an incident the Information Security Administrator will investigate and, as needed, escalate, remediate, or refer to others. The incident will be documented providing a general description of events, approximate timelines, parties involved, resolution of the incident, external notifications required and recommendations for prevention and remediation. All external notification must be approved by the V.P. for Information Resources and Administrative Affairs and carried out in accordance with Texas Senate Bill 122 known as the Identity Theft and Protection Act.

Definitions:

The Trinity Computing Network is the group of stations (computers, telephones, or other electronic devices) owned or operated by Trinity University, connected by communications facilities owned or operated by Trinity University for exchanging information. Connection can be permanent, via cable, or temporary, through telephone or other communications links. The transmission medium can be physical (i.e. fiber optic cable) or wireless (i.e. satellite, radio or otherwise).

Sensitive Personal Information as defined by the Texas Senate Bill 122 means, "an individual's first name or first initial and last name combination with any one or more of the following data elements (when the name or data element is not encrypted):

  • Social security number
  • Driver's license or government issued identification number
  • Account number or credit or debit card number in combination with any required security code, access code, or password that would permit access to an individual's financial account.
  • Does not include publicly available information that is lawfully made available to the general public from the Federal government or a state or a local government" (2-3).
    • Examples of Security Incidents:
  • The theft of physical loss of computer equipment known to store SSNs Loss or theft of PDA, BlackBerry or other mobile device
  • A server known to have sensitive data is accessed or otherwise compromised by an unauthorized party.
  • A firewall accessed by an unauthorized entity A DDoS (Distributed Denial of Service) attack.
  • The act of violating an explicit or implied security policy A virus or worm uses open file shares to infect from one to hundreds of desktop computers
  • An attacker runs an exploit tool to gain access to a University server's password file.

    •  ______________ Texas. Legislature of the State of Texas. Identity Theft Enforcement and Protection Act. By Juan Hinojosa. 2005. 27 Mar. 2007 http://www.legis.state.tx.us/tlodocs/79R/billtext/pdf/SB00122F.pdf

     


     
    rnd_border