Information Technology Services – Fred Miller, Chief Information Officer
Last Revised: 03/07/17
Title: Security Incident Response Policy
Applicable: Wofford Students, Faculty and Staff
Contacts: IT Help Center x4357
Background: Compromises in security can occur at every level of computing from an individual's desktop computer to the largest and best-protected systems on campus. Incidents can be accidental incursions, or deliberate attempts to break into systems, and can be benign to malicious in purpose or consequence. Regardless, each incident requires careful response at a level commensurate with its potential impact to the security of individuals and the campus.
Policy: In the case when an information security incident is determined to be of potentially serious consequence, the responsibility for acting to resolve the incident and to respond to any negative impact rests with the College rather than individuals or departments. The Chief Information Officer and the Director of Risk Management will develop and maintain a detailed Security Incident Response Plan to respond to serious information security incidents.
[i] Scafone, K., Grance, T., and Masone K.; “Computer Security Incident Handling Guide”; NIST 800-61 Rev. 1., Computer Security Division, Information Technology Laboratory, Nationals Institute of Standards, and Technology, Gaithersburg, MD, March, 2008. <accessed 5/13/2014 from http://csrc.nist.gov/publications/nistpubs/800-61rev2/SP800-61rev2.pdf>