MUSC Policy MUSC-xx: Information Security - Incident Response
Definitions:
- Refer to MUSC Policy MUSC-xx: Information Security: Appendix A.
Policy:
Because not all information security incidents can be prevented, MUSC requires an incident response capability that achieves these goals:
- rapidly detecting incidents and prioritizing responses
- minimizing loss and destruction
- identifying weakness(es) that were exploited
- restoring affected information services
MUSC's Computer Security Incident Response Team (CSIRT) is responsible for:
- coordination of incident response activities across the MUSC enterprise
- analysis of attacks, intrusions and other incidents
- monitoring of intrusion detection systems (IDS)
- coordination of security incident documentation, and all incident-related communications
- assisting with recovery of systems when appropriate
In concert with MUSC management and the Owner(s) of affected System(s), the CSIRT ensures a coordinated response, involving the Enterprise ISO, the appropriate Entity IACO(s), IT support, Legal Counsel, Public Relations, Human Resources, Risk Management, Public Safety, and Engineering and Facilities resources needed to resolve each incident.
Each MUSC workforce member is required to ensure that any known or suspected incident is promptly reported to the CSIRT. Incidents may be reported 24x7x365, using the procedures documented in the Computer Security Incident Response Procedures [link] document.
Sanctions:
- Refer to MUSC Policy MUSC-xx: Information Security: Sanctions.
See Also:
- MUSC Policy MUSC-xx: Information Security
- MUSC Policy MUSC-xx: Information Security - Evaluation
- MUSC Policy MUSC-xx: Information Security - Documentation
- MUSC Computer Use Policy
- Computer Security Incident Response Procedures
References:
- HIPAA Security 164.308(a)(6)(i) Standard: Security incident procedures
- HIPAA Security 164.308(a)(6)(ii) Response and Reporting
- GLBA Safeguards Rule: 314.4(3)
$Id: incident-response.html,v 1.3 2004/12/10 19:45:52 gadsden Exp $