IT事件响应策略 & 过程

Approved by President’s Cabinet 7-30-14

I. 介绍

This policy addresses IT incident response issues involving the college's IT resources. The policies and procedures listed in this document provide a mechanism for East Georgia State College faculty, staff and students to report any potential IT-related security 事件.

II. 定义

资源: A system or application that consists of computer hardware, software, networking equipment, 以及这些系统的任何数据. Such assets include but are not necessarily limited to desktop computers, servers, printers, telephones, network infrastructure, E-mail 以及基于网络的服务.

安全事件: An incident meeting one or more of the following conditions:

• • Any potential violation of Federal law, Georgia law or 太阳城娱乐 Policy or Plan involving an 太阳城娱乐 IT Resource.
  • A breach, attempted breach or other Unauthorized Access of an 太阳城娱乐 信息技术 Resource. The incident may originate from inside the East Georgia State College network or via an outside entity.
  • Internet worms, Trojans, viruses and similar destructive files/services
  • Any action and/or conduct using in whole or in part an 太阳城娱乐 信息技术 Resource which could be construed as harassing, or in violation of any 太阳城娱乐 policy or state/federal regulation.

未经授权的访问: Any action or attempt to utilize, alter or degrade an IT resource owned or operated by 太阳城娱乐 in a manner inconsistent with the college policies.

3. Reporting and Response 程序

All 事件 involving 太阳城娱乐's IT resources will be handled 通过以下程序:

1. 1. Department or Division Manager will be notified of incident.
   2. Department or Division manager will communicate incident to Vice President of IT. If it is unclear as to whether an issue/situation should be considered an IT security incident, the Department or Division manager should contact the Vice President for 资讯科技协助.
   3. The Vice President for IT, Department or Division Manager will communicate incident to college's senior administration. The college's Human Resources Officer, and if necessary, the college's campus security office will also be notified of incident.
   4. Depending on scope of incident, the USG 信息技术 Services(ITS) will 也可以联系.
   5. If warranted, local law enforcement officials will be notified. 
   6. All issues (cause, scope, resolution) relating to the security breach incident will be documented by and retained in the offices of the college's senior administration. Any costs associated with the security breach will also be documented. 
   7. Individuals (faculty, staff or student), who report a breach of security incident will receive appropriate feedback and updates regarding the incident from one or more of the following areas: college's senior administration; human resources department; campus security department; department / division manager; VP for IT.
   8. Individuals reporting a breach of security incident will be assured of confidentially, and if necessary, appropriate protection.

Additional items regarding Reporting and Response:

With the exception of items listed below, it is imperative that any investigative or corrective action be performed ONLY by a member of 太阳城娱乐's IT部门.

When faced with a potential IT-related security situation, faculty and staff should 做到以下几点:

1. 1. If the incident involves a compromised computer system, do not alter the state of 计算机系统. The computer system should remain powered on and all currently running computer programs should be left as is. Do not power down the computer or 重新启动计算机.
   2. Immediately disconnect the computer/laptop or other IT connected device from the campus network by removing the patch cable from the back of the computer. 如果电脑， laptop or device is utilizing wireless network connectivity, the system's wireless network hardware should be disabled via the Network Settings in the Control Panel or via the appropriate system configuration tool.

修订历史:2014年7月