IT0122-C UTC Standard: Security Incident Response Plan

Objective:

To align University of Tennessee at Chattanooga (UTC) standards of practice with University of Tennessee System-wide policy for developing, maintaining and documenting a Security Incident Reporting & Response program.

Scope:

This program applies but is not limited to employees, contractors, agents, and representatives accessing, using, or handling UTC information technology resources.

Principles:

This document is a UTC-specific Standard based on University System-wide policy. Each User of UTC resources is required to be familiar and comply with University policies, and acceptance is assumed if the User accesses, uses, or handles UTC information technology resources.

The Chief Information Officer (CIO) is the Position of Authority (POA) for Information

Technology at UTC and responsible for IT security at the University of Tennessee Chattanooga.

Responsibilities:

  1. The CIO has overall responsibility of the Security Incident Reporting & Response (IR) program at UTC and ensures:
    1. The program is developed, documented, and disseminated to appropriate UTC entities in accordance with University policy.
    2. The program is reviewed and updated annually.
  2. The Chief Information Security Officer (CISO) is responsible for overseeing the Security Incident Reporting & Response program and consulting system owners to ensure effective procedures are implemented.
  3. System owners/administrators are responsible for adhering to this Standard for their respective system(s).

Standard:

  1. The Chief Information Security Officer (CISO):
    1. Ensures compliance to federal, state and university policy and regulations.
    2. Develops, documents and maintains a campus-wide Cyber Incident Response Plan.
    3. Monitors, tracks and reports, on a periodic basis, all Security Incidents to the UTSA CISO.
    4. Ensures departments and users have assistance during recovery from Security Incidents.
    5. Ensures potential forensic evidence is protected from corruption.
  2. All users must report suspicious activity, compromised systems or accounts, or any potential security incidents to the Client Services Help Desk (423)425-4000.

References:

IT0122 – Security Incident Reporting and Response

IT0122-C UTC Standard: Security Incident Response Plan
Version: 1 // Effective: 08/10/2018
PDF icon Downloadable PDF

Related Policies: