Information Technology Services – Dr. Baz Abouelenein, Chief Information Officer
Last Revised: 03/07/17
Title: Security Incident Response Policy
Applicable: Wofford Students, Faculty and Staff
Contacts: IT Help Center x4357
Background: Compromises in security can occur at every level of computing from an individual's desktop computer to the largest and best-protected systems on campus. Incidents can be accidental incursions, or deliberate attempts to break into systems, and can be benign to malicious in purpose or consequence. Regardless, each incident requires careful response at a level commensurate with its potential impact to the security of individuals and the campus.
Policy: In the case when an information security incident is determined to be of potentially serious consequence, the responsibility for acting to resolve the incident and to respond to any negative impact rests with the College rather than individuals or departments. The Chief Information Officer and the Director of Risk Management will develop and maintain a detailed Security Incident Response Plan to respond to serious information security incidents.
- All individuals and ITS support professionals are expected to prevent computer equipment under their control from being infected with viruses and other malware by following the provisions of the College’s Anti-Virus Policy.
- Individual users should attempt to stop any observed information security incident as it occurs. Do not power down the computer. Disconnecting it from the campus network will stop any potentially threatening activity. Please leave the machine powered up.
- Individuals must report information security incidents to an ITS support professional. ITS staff will help you assess the problem and determine how to proceed. Security incidents may be reported by calling 864-597-4357, or sending an email to email@example.com. To report an urgent security incident outside of normal work hours, please call Campus Safety at 864-597-4911.
- Following the report, individuals should comply with directions provided by ITS support staff to repair the system, restore service, and preserve evidence of the incident.
- No retaliatory action should be taken against a system or person believed to have been involved in the information security incident. Response actions should be guided by the IT Security policy.
- ITS support professionals have additional responsibilities for information security incident handling, and reporting, for both the systems they manage personally and the systems of users. In general, ITS support professionals should, as much as feasible, follow suggested guidelines for incident handling as described in NIST Special Publication 800-61, “Computer Security Incident Handling Guide”.[i]
- Detailed processes for security incident responses, including credit card incidents, will be documented in the College’s Security Incident Response Plan.
[i] Scafone, K., Grance, T., and Masone K.; “Computer Security Incident Handling Guide”; NIST 800-61 Rev. 1., Computer Security Division, Information Technology Laboratory, Nationals Institute of Standards, and Technology, Gaithersburg, MD, March, 2008. <accessed 5/13/2014 from http://csrc.nist.gov/publications/nistpubs/800-61rev2/SP800-61rev2.pdf>