The following procedures establish responsibility for reporting and responding to security incidents involving Illinois State University's information technology resources, computers, networking systems and data, collectively defined here as "ISU Information Technology Resources and Systems". When information security incidents occur it is necessary to respond in a manner that is expedient, consistent, and proportional to the situation.
Information technology security incident - an event that:
Impacts or has the potential to impact the confidentiality, availability, or integrity of ISU Information Technology Resources and Systems.Violates state or federal law or the policies and procedures of the University.
The following individuals/teams are involved in incident response and may include overlapping members or may be made up of different members that will handle security incidents:
IT Security Incident Coordinator - The individual responsible for monitoring, evaluating. and determining the appropriate response to incident reports. The Incident Coordinator coordinates incident investigation, implements the Information Technology Security Incident Response Plan. The Incident Coordinator needs to be accessible during off-hours as incidents often take place outside of normal working hours, weekends or on holidays, and should have a backup to ensure that someone is available should an incident take place. The University's Chief Technology Officer and the Associate Vice President for Administrative Technologies are responsible for designating the Incident Coordinator and their backup.
IT Security Incident Response Team (ITSIRT) - This team performs specific investigative, containment, eradication, recovery, and follow-up steps. This team should consist of technology and functional specialists from various units in disciplines that may include:
Unit Security Liaisons - Individuals identified by Deans, Directors and Department Heads to act on their behalf to submit requests for access to ISU Information Technology Resources and Systems and serve as the primary contact for security incident response issues as stated in 9.8 Policy on Security of Information Technology Resources and Systems.
Any individual or group who in the course of using ISU Information Technology Resources and Systems observes an information technology security incident shall report that incident.
Suspected criminal activity involving ISU Information Technology Resources and Systems shall be reported to the Illinois State University Police. Such activity includes but is not limited to; computer theft, credit card theft . Criminal activity can be reported in person at ISU Police offices or by telephone (309) 438-8631 (voice) or (309) 438-8266 (TTY). Notification of crimes in progress or other emergencies dial 9-1-1 or use a nearby campus emergency blue light kiosk.
In accordance with the Illinois Abused and Neglected Child Reporting Act (325 ILCS 5/4.5). any Illinois State University employee who in the course of their duties for the University installs, repairs or services information technology resources or systems, discovers any depiction of child pornography shall immediately report that discovery to the IT Security Response line: 438-ITSR (4877).
Copyright and Intellectual Property
Suspected violations of copyright and intellectual property rights shall be reported to the University Digital Millennium Copyright Act (DMCA) agent at firstname.lastname@example.org.
All other incidents
Individuals reporting security incidents
Unit Security Liaisons reporting security incidents
Unit Security Liaisons shall report information technology security incidents involving information technology resources within their area of responsibility. The procedures to report incidents are dependent upon on the classification of the resource or system.
Highly Restricted Data
If the incident involves data with the classification of "Highly Restricted" do the following:
If the incident involves data with the classification of "Restricted" do the following:
If the incident involves data with the classification of "Unrestricted" and does not seriously impact individuals or the university do the following:
If the classification of the information system or resource is not known follow the procedures for "Restricted".
The University's Chief Technology Officer and the Associate Vice President for Administrative Technologies are responsible for the creation and maintenance of any procedures, processes, or functions in support of response to Information Technology security incidents.
Last Review: July 2013