Incident Response Policy

Overview

The incident response policy outlines the critical IT services required to sustain business operations after a major disruption. This policy identifies those critical technical services through formal and informal business impact analyses. The incident response process draws on a variety of complementary recovery techniques, which are combined to construct an incident response plan.

Purpose

This policy establishes the criteria for Zeta Alpha to design and implement a baseline response policy that outlines the method for responding and recovering IT systems, applications, and data in the event of a catastrophic event.

Scope

Individuals accountable for developing, testing, and maintaining an incident response plan must adhere to the Zeta Alpha Incident Response Policy. This policy only requires that an Incident Response plan exist; it does not prescribe the contents of the plan or its sub-plans. The policy applies to:

  1. Employees, contractors, and all organizational units
  2. Vendors that gather, handle, distribute, or maintain Zeta Alpha’s data, whether it is maintained or hosted internally or externally
  3. Members of the Zeta Alpha group who have access to or store sensitive organizational data

Definition

Sensitive information is information whose disclosure without authorization could have a significant adverse impact on an organization’s reputation, resources, services, or people. Protected health information (PHI), Social Security numbers, and credit card numbers are all examples of personally identifiable information (PII), as is any other information classified as sensitive by Zeta Alpha. A catastrophic occurrence is one that puts Zeta Alpha’s resources, stakeholders, or services at risk.
  A significant event meets the following criteria:

  • Poses a risk of unauthorized access to or disclosure of sensitive information, whether by deliberate, unintentional, or other means.
  • Involves criminal behavior, lawsuits, or a government investigation.
  • May severely disrupt mission-critical services.
  • Involves active threats.
  • Is expected to attract public interest.
  • Is likely to damage Zeta Alpha’s credibility.

Reporting

All Zeta Alpha resource users must report any occurrence involving information security to their IT security provider or security unit liaison. All incidents must be reported within 12 hours. Certain information security incidents may also be criminal in nature and should be reported to the Division of Public Safety as soon as possible. To prevent unintended breaches of state or federal law, individuals and departments are forbidden from releasing information, electronic devices, or electronic media to any third party, including law enforcement authorities, without first making the notifications required by this policy.

Contingency Plan

Following the development of goals, it is vital to implement strategies as soon as possible. Management must allow appropriate time for evaluation of the Incident Response strategy. Exercises should be performed at least once a year. During these tests, potential failure points in the strategy can be identified and corrected in a low-risk environment. At a minimum, the strategy should be reviewed and revised once a year.
As a result, the following preparations must be put in place:

  • Describe the chain of command to be followed when regular personnel are unable to perform their duties.
  • Identify the data kept on the systems, along with its importance and confidentiality.
  • List all the services offered, rank them in order of priority, and sequence their recovery over short- and long-term periods.
  • Determine how often data is backed up, the device it is saved to, and where it is stored.

Compliance Measurement

The information security department will verify compliance with this policy through various methods, including periodic walkthroughs, video surveillance, business tool reports, internal and external audits, and feedback to the policy owner.

Exceptions: Any deviation from the policy must be agreed upon in advance by the information security department.

Non-Compliance: Those found to have violated this policy may be subject to disciplinary action, up to and including termination of employment and associated civil or criminal penalties. Any vendor, consultant, or contractor found to have violated this policy may face sanctions, including the withdrawal of access privileges and the termination of contracts.