Incident Response Standard for Cybersecurity

1 PURPOSEÌý

This standard outlines the procedures and responsibilities for responding to cybersecurity incidents within the university to protect the confidentiality, integrity, and availability of university information assets, minimize damage, and maintain the trust of the university community.


2 SCOPEÌý

This standard applies to all university departments, units, employees, contractors, and third-party service providers who handle university data and information systems.


3 STANDARDÌý

3.1 Reporting

3.1.1 All personnel who suspect or discover a cybersecurity incident must immediately report it to the designated incident response team or contact.ÌýIf contact is unknown, please reach out to Â̾ÞÈËÊÓƵ Helpdesk at (603) 862-4242 or /¾±³Ù/²¹²ú´Ç³Ü³Ù/³¦²â²ú±ð°ù²õ±ð³¦³Ü°ù¾±³Ù²â/³¦²â²ú±ð°ù²õ±ð³¦³Ü°ù¾±³Ù²â-¾±²Ô³¦¾±»å±ð²Ô³Ù-°ù±ð±è´Ç…Ìý

3.2 Classification

3.2.1 Incidents should be classified based on severity and potential impact to determine the appropriate response level.

3.3 Incident Response Process

3.3.1 Incident Response Team

The university will maintain a dedicated incident response team responsible for coordinating and executing the incident response plan.Ìý

3.4 Assessment

3.4.1 Upon notification, the incident response team will assess the incident's scope, impact, and potential risks.Ìý

3.5Ìý Containment and Mitigation:

3.5.1 Immediately contain and mitigate the incident to prevent further damage or data loss.Ìý

3.6Ìý Eradication:

3.6.1 Identify the root cause and eliminate the source of the incident.Ìý

3.7Ìý Recovery:

3.7.1 Implement recovery plans and restore affected systems and services to regular operation.Ìý

3.8Ìý Communication:

3.8.1 As necessary, maintain clear and timely communication with all relevant stakeholders, including affected parties, university leadership, legal counsel, and law enforcement.Ìý

3.9 Documentation:

3.9.1 Maintain detailed incident records, including actions taken, evidence collected, and communications.Ìý

3.10Ìý Legal and Regulatory Compliance:

3.10.1 Comply with all applicable laws and regulations concerning cybersecurity incidents.Ìý

3.11 Notification:

3.11.1 Notify affected individuals if applicable data breach notification laws compromise their personal information.Ìý


3.12Ìý Lessons Learned:

3.12. 1 Conduct a post-incident analysis to identify weaknesses in the incident response process and make necessary improvements.


DOCUMENT HISTORYÌý

  • Approved by:ÌýThomas Nudd, Chief Information Security OfficerÌý
  • Reviewed by:ÌýDr David A Yasenchock, Director, Cybersecurity GRCÌý
  • Revision History:ÌýV 1.1 December 13, 2022, Cybersecurity GRC Working GroupÌý
    • ÌýV 1.2 April 22, 2024, Cybersecurity GRC Working Group
    • Revised formatting, K SWEENEY, 30 MAY 2024