Longwood University 
   Chief Information Officer:
    Information and Instructional Technology Services
  201 High Street, Coyner 107, Farmville, VA  23909
   Phone: 434.395.2034         Fax: 434.395.2035

Policy 6132
INCIDENT RESPONSE

I.       PURPOSE

The purpose of this policy is to set requirements for efficient and effective response to incidents affecting the security of information technology (IT) resources and systems.

II.    DEFINITION

Incident: The term incident refers to any suspicious or abnormal event involving IT resources and systems which poses a threat to University IT resources, systems, data, services or system users. Incidents may include, but are not limited to, malware affecting multiple systems, unauthorized intrusion or damage to a web site or page, unauthorized intrusion into a computer system or network or other threats.

III. POLICY

A.    Reporting Incidents:

1.      All IT system users are responsible for promptly reporting any suspected incidents to the Information Security Officer either directly or through their supervisor, sponsor or User Support Services.

2.      A preliminary investigation into all suspected incidents will be conducted to determine if the event is an actual incident requiring a coordinated incident response.

B.     Notification:

1.      The Longwood University Information Security Officer is responsible for ensuring that incidents are reported promptly upon discovery.

a.       Virginia Information Technologies Agency (VITA) must be notified of incidents within 24 hours of when Longwood University discovered or should have discovered their occurrence, as directed by the Code of Virginia 2.2-603 (F).

b.      The affected system owners, data owners and the Chief Information Officer will be notified immediately upon discovery of an incident.

2.      The Information Security Officer will notify campus police and law enforcement for further investigation if criminal activity is suspected and will cooperate and assist in any investigation as requested.

C.     Roles and Responsibilities:

1.      Information Security Officer: The Information Security Officer will develop and maintain an Incident Management Plan that will outline procedures for identifying, defining and responding to incidents.

2.      Incident Handlers: The Longwood University Computer Incident Response Team (LUCIRT) will be comprised of incident handlers responsible for investigation of incidents and other incident response duties under the direction of the Incident Response Manager.

a.       Individuals selected to serve on the LUCIRT may be any University employee whose expertise is pertinent to the incident response.

b.      Once activated, all investigative duties performed by the members of the LUCIRT precede their normal duties until the investigation is closed.

3.      Incident Response Manager: The Incident Response Manager will be appointed to lead an incident investigation and function as a team leader for the LUCIRT.

a.       The Incident Response Manager will be a member of the IITS staff reporting to the Information Security Officer during an incident investigation.

b.      Individuals serving in the role of Incident Response Manager must be certified in incident response by a recognized authority as approved by the Information Security Officer.

4.      System and data owners: System owners and data owners will be involved in setting goals for an incident response investigation with the Information Security Officer and will ensure that the IT systems and resources for which they are responsible are protected from further threat from the incident.

5.      Any individual performing digital forensics as a part of an incident response investigation must be certified to perform digital forensics by a recognized authority as approved by the Information Security Officer.

IV. ENFORCEMENT

The University regards any violation of this policy as a serious offense. Violators of this policy are subject to disciplinary action as prescribed in the Longwood Honor Code, the Student Handbook, the Faculty Policies and Procedures Manual and the Administrative Policies and Procedures Manual, in addition to possible cancellation of IT resources and systems access privileges. Users of IT resources and systems at Longwood are subject to all applicable local, state and federal statutes. This policy does not preclude prosecution of criminal and civil cases under relevant local, state, federal and international laws and regulations.

Approved by the Board of Visitors, September 12, 2008.

 

Back to the Table of Contents                                Next Policy