MUSC Policy MUSC-xx: Information Security - Incident Response


Definitions:

Refer to MUSC Policy MUSC-xx: Information Security: Appendix A.

Policy:

Because not all information security incidents can be prevented, MUSC requires an incident response capability that achieves these goals:

  • rapidly detecting incidents and prioritizing responses
  • minimizing loss and destruction
  • identifying weakness(es) that were exploited
  • restoring affected information services

MUSC's Computer Security Incident Response Team (CSIRT) is responsible for:

  • coordination of incident response activities across the MUSC enterprise
  • analysis of attacks, intrusions and other incidents
  • monitoring of intrusion detection systems (IDS)
  • coordination of security incident documentation, and all incident-related communications
  • assisting with recovery of systems when appropriate

In concert with MUSC management and the Owner(s) of affected System(s), the CSIRT ensures a coordinated response, involving the Enterprise ISO, the appropriate Entity IACO(s), IT support, Legal Counsel, Public Relations, Human Resources, Risk Management, Public Safety, and Engineering and Facilities resources needed to resolve each incident.

Each MUSC workforce member is required to ensure that any known or suspected incident is promptly reported to the CSIRT. Incidents may be reported 24x7x365, using the procedures documented in the Computer Security Incident Response Procedures [link] document.

Sanctions:

Refer to MUSC Policy MUSC-xx: Information Security: Sanctions.

See Also:

MUSC Policy MUSC-xx: Information Security
MUSC Policy MUSC-xx: Information Security - Evaluation
MUSC Policy MUSC-xx: Information Security - Documentation
MUSC Computer Use Policy
Computer Security Incident Response Procedures

References:

HIPAA Security 164.308(a)(6)(i) Standard: Security incident procedures
HIPAA Security 164.308(a)(6)(ii) Response and Reporting
GLBA Safeguards Rule: 314.4(3)
$Id: incident-response.html,v 1.3 2004/12/10 19:45:52 gadsden Exp $