ISO PS006 Security Incidents


Policy Name: Security Incidents
Policy Number: IS PS006
Effective Date: July 23, 2007
Review Date: July 23, 2008
Last Revision Date: July 23, 2007
Last Revision By: Bruce Edwards
Contact Name: Bruce W. Edwards
Contact Email: ISOPolicy@louisville.edu
Approved By: Compliance Oversight Council
Version: 1.0


POLICY:

The policy of the University of Louisville is to minimize both the frequency and the severity of information security incidents within the University environment. All users are responsible for and must maintain their University computing devices and data in as safe a manner as is reasonably possible. In the event of an incident, the standards outlined in this document as well as the related procedures must be followed.


STANDARDS:

Background and definition:

Compromises in security can potentially occur at every level of computing, from an individual's desktop computer to the largest and best-protected systems on campus. Incidents can be accidental incursions or deliberate attempts to break into systems and can range from benign to malicious in purpose or consequence. Regardless, each incident requires careful response at a level commensurate with its potential impact on the security of individuals, sensitive information and the campus as a whole.

The accelerated pace of technological change and concurrent reliance on electronic information systems have greatly increased both the potential exposure of sensitive information to the world at large via electronic means and the motivation of some to exploit computing devices, computing infrastructure and software either for gain or to cause organizational difficulties. Governmental authorities, regulatory bodies and standards organizations have recognized this new reality and responded with laws, regulations and other measures to motivate organizations to take the steps necessary to minimize or prevent security incidents before they occur.

This environment means that all persons within the University have an active role in preventing security incidents or in minimizing them when and if they occur.

For the purposes of this policy, a "Security Incident" is any accidental or malicious act with the potential to:

  • result in misappropriation or disclosure of sensitive information,
  • affect the functionality of the information technology infrastructure of the University,
  • provide for unauthorized access to university resources or information,
  • allow University information technology resources to be used to launch attacks against either other internal resources or the resources and information of other individuals or organizations.

The university has established procedures and identified the University of Louisville Computer Incident Response Team (ULCirt) as its authority in developing response plans to serious security incidents. As described below, reports of security incidents will be forwarded to ULCirt. ULCirt follows protocols in determining what actions should be taken and how incidents should be handled. Depending on the nature of the incident, ULCirt will frequently work with department or school faculty, staff and administrators. Incidents may be escalated to university counsel, human resources or other university officers as well as to law enforcement or outside authorities.

This document outlines the standards and process individuals should follow to report potentially serious security incidents. University staff members whose duties include managing computing and communications systems have even greater responsibilities. This document outlines their responsibilities in securing systems, monitoring and reporting IT security incidents, and assisting individuals, administrators, and other IT staff to resolve security problems.

Administrative standards:

Dealing with Viruses, Worms and other common "Malicious" Software

  • Individuals and information technology support professionals are not required to report IT security incidents involving viruses, worms, and other common malicious software if self-contained and completely removed by anti-virus, anti-spyware or other software. If, in the judgment of the Tier 1 or other authorized technical support personnel, the software could pose a risk to university data and was not successfully removed, the incident must be reported. Please follow the standards in the next section, Reporting and Responding to IT Security Incidents.
  • Because malicious software can reduce the functionality or otherwise affect the campus computing and communication environment, individuals and information technology support professionals are expected to:
    • prevent computer equipment under their control from being infected with malicious software by the use of preventive software and monitoring (see ISO PS014 Protection from Malicious Software policy and standards), and
    • take immediate action to prevent the spread of any acquired infections from any computers under their control.
  • Assistance is available from your Tier 1 or other local information technology support and from the Enterprise Network Security Team in I.T. See next section for contact information.

Reporting and Responding to IT Security Incidents

  • Individuals
    • Should attempt to stop any further damage from an IT security incident by powering down the computer and disconnecting it from the campus network.
    • Report IT security incidents to ULCirt at SecureIT@louisville.edu. ULCirt will help you assess the problem and determine how to proceed.
    • If the incident has potentially serious consequences and requires immediate attention, individuals should report the incident to the IT Help Desk at 502-852-7997 and request Priority One status.
    • Following the report, individuals should comply with directions provided by IT support staff or ULCirt to repair the system, restore service, and preserve evidence of the incident.
    • No retaliatory action should be taken against a system or person believed to have been involved in the IT security incident. All response actions should be guided by the IT Security policy and all other applicable university policies.
  • IT Support Professionals
    Department, college, or unit information technology support professionals have additional responsibilities for IT security incident handling and reporting for both the systems they manage personally for their units and the systems of users within their units. In the case of an IT security incident, IT support staff should:
    • Respond quickly to reports from individuals.
    • Take immediate action to stop the incident from continuing or recurring.
    • Report IT security incidents to ULCirt at SecureIT@louisville.edu. They will help you assess the problem and determine how to proceed.
    • If the incident has potentially serious consequences and requires immediate attention, individuals should report the incident to the IT Help Desk at 502-852-7997 and request Priority One status.
    • Notify the appropriate college, department or unit administrator that an incident has occurred and that ULCirt has been contacted.
    • Refrain from discussing the incident with others until a response plan has been formulated.
    • Follow ULCirt guidance to repair the system, restore service, and preserve evidence of the incident.


SCOPE / APPLICABILITY:

All persons while conducting/performing work, teaching, research or study activity or otherwise using University resources. Scope/Applicability also includes all facilities, property, data and equipment owned, leased and/or maintained by the University or affiliates.

POLICY AUTHORITY / ENFORCEMENT:

The University's Information Security Officer (ISO) is responsible for the development and oversight of these policies and standards. The ISO works in conjunction with University Leadership, Information Technology, Audit Services and others for development, monitoring and enforcement of these policies and standards.

POLICY REVIEW:

This policy will be reviewed annually to determine if the policy is in compliance with the applicable security regulations and University direction. In the event that significant regulatory changes occur, this policy will be reviewed and updated as needed.

COMPLIANCE:

Failure to comply with these policies and standards and/or any related information security and/or information technology policy, standard or procedure may result in disciplinary action up to and including termination of employment, services or relationship with the University and/or action in accordance with local ordinances, state or federal laws.


REVISION HISTORY:

Version / Revision Date / Description

1.0 / July 23, 2007 / Original Publication


This policy is subject to change or termination by the University at any time. This policy SUPERSEDES all prior policies, procedures or advisories pertaining to the same subject.

Approved July 23, 2007 by the Compliance Oversight Council
Shirley C Willihnganz, Executive Vice President and University Provost, Chair of the Compliance Oversight Council


Thanks to Iowa State University for elements of this document (http://policy.iastate.edu/policy/it/incident/)
