Incident Response Policy
The purpose of this policy is to outline the different responsibilities of the Technology Staff with regards to reacting and responding to various types of network and information security incidents that may occur within SOIC.
This policy applies to all employees and faculty of SOIC; as well as vendors, contractors, partners, students, collaborators and any others doing business or research with the SOIC will be subject to the provisions of this policy. Any other parties, who use, work on, or provide services involving SOIC computers, technology systems, and/or data will also be subject to the provisions of this policy. SOIC computing resources have been developed to encourage widespread access and distribution of data and information for the purpose of accomplishing the educational and research missions of the school. This policy will not supersede any Indiana University developed policies but may introduce more stringent requirements than the university policy.
Security incidents can generally be defined as “the act of violating an explicit or implied security policy” (Definition taken from the Carnegie Mellon Computer Emergency Response Team Coordination Center Incident Reporting System Guidelines.) An SOIC security incident is defined as an event that exposes SOIC-held data to unauthorized individuals and impacts or has the potential to impact negatively either student safety or privacy, SOIC employee safety or privacy, or the reputation of SOIC or Indiana University. The Core incident response team consists of those members of various SOIC offices who will assist in the conduct of a major incident investigation. The incident response team will be activated at the discretion of the Executive Associate Dean. The core SOIC incident response team members will be the Director of Technology Services, the Computer Support Specialist, the Technology Coordinator, a Legal Office representative, and a Media Relations Office representative. Adjunct incident response team members are those members of various SOIC offices who have specific skills needed at times during incident investigations.
The Director of Technology Services is granted authority to take actions necessary to protect SOIC people, resources, data and/or communications in the event of a security incident.
The Computer Support Specialist serves as the investigative and operational lead for the conduct of all SOIC security incident investigations. The Computer Support Specialist will be the primary authority for invoking incident response procedures.
Various SOIC offices will provide core and adjunct members of the incident response team to assist the Computer Support Specialist and Technology Coordinator during security incident investigations. All incident response team members will be assigned duties based on the circumstances of the incident. Specific members and their respective roles are outlined in SOIC incident response procedures.
SOIC personnel must immediately report: a. a security incident that involves unauthorized physical access to a building or secure location, physical threat, imminent danger, or personal safety issue to the IUPUI Police Department. b. an actual or suspected security incident that involves unauthorized access to electronic systems owned or operated by IU and/or SOIC; malicious alteration or destruction of data, information, or communications; unauthorized interception or monitoring of communications; and any deliberate and unauthorized destruction or damage of IT resources to the Indiana University IT Security Office (ITSO) as outlined in IT Policy Office (ITPO) incident reporting procedures.
All communications with the media regarding an incident will be coordinated through the SOIC Communications Manager.
Violation of Policy
If it is suspected that this policy is not being followed, report the incident to the Executive Associate Dean or Director of Technology Services. Any exceptions to this policy must be approved in advance by both the Executive Associate Dean and Director of Technology Services.
Any person found to have violated this policy will be subject to appropriate disciplinary action as defined by the provisions of Indiana University Policy IT-02, Policy on Sanctions for Misuse or Abuse of Indiana University Technology Resources.