Effective Date: November 21, 2011
Date Last Reviewed: July 12, 2017
Date Scheduled for Review: July 2019
Issuing Authority: Chief Information Security Officer
The Computer Incident Reporting Procedure provides a series of channels through which incidents can be reported, investigated, tracked, and administratively reviewed to ensure Temple information assets and/or infrastructure are protected. The Information Security Department will be the primary responder to incidents. Other departments will assist as the need arises.
* AFTER NOTIFYING THE INFORMATION SECURITY OFFICE, IT IS ESSENTIAL TO FOLLOW THE INSTRUCTIONS OF THE RESPONSE TEAM. ALL TECHNOLOGY DEVICES MUST NOT BE USED, TURNED OFF OR ON, OR CHANGED IN ANY MANNER THAT MAY COMPROMISE EVIDENCE.
Examples of the types of incidents that should be reported appear below:
- Any suspected hacking or intrusion attempts
- Suspicion of a password compromise
- Harassment by e-mail
- Violation of any computer policy
- Critical issues should be reported immediately to your manager and the Information Security Department. You must have confirmation from your management and from the Information Security Department. E-mail, text, voicemail, or Remedy tickets are not confirmation. Follow the contact list below for the Information Security Department.
- Critical issues involving notification of an intrusion from our Intrusion Detection Systems or Network logging facilities should be brought to the attention of the Information Security Department immediately.
Information Security Department Contact Information
- Information Security Office – Seth Shestack, 215-204-5884
- Escalation Manager – Larry Brandolph, CISO, 215-204-7088
- email@example.com (Information Security Office departmental e-mail)
- Escalation for all of Information Technology Services – Cindy Leavitt, Vice President Information Technology Services and Chief Information Officer, 215-204-7077 or firstname.lastname@example.org
Non-critical issues should be reported to the following management personnel by telephone, e-mail, in person, or via TUhelp system:
- Your immediate supervisor within assigned Department
- Help Desk (Request Help tab on the Information Technology Services home page / 215-204-8000)
- Information Security Office
- Human Resources (if University policy or codes have been broken)
The Help Desk will refer the matter to the appropriate Information Technology Services personnel through the TUhelp System.
The Help Desk will refer the matter to an Information Security Office person through the TUhelp system.
- The Office of Chief Information Security Officer, as appropriate, shall activate and lead its Incident Response Team following the report of a suspected or actual breach.
- After notifying the Information Security Office, it is essential to follow the instructions of the response team. All technology devices must not be used, turned off or on, or changed in any manner that may compromise evidence.
- The Incident Response Team shall proceed to assess the nature and scope of the incident and identify what personal information has been accessed or misused.
- The Incident Response coordinator will contact the Privacy Officer to review if there needs to be a Breach Declaration, if the event is solely privacy or a combination of both.
- System owners, working in full cooperation with the Incident Response Team, shall provide the necessary resources to take appropriate steps in order to contain and control the incident, to prevent further unauthorized access such as monitoring or suspending access, and to preserve records and other evidence.
- The Incident Response Team shall create an Incident Report that will document the facts surrounding the incident; the steps taken to mitigate any immediate threat; the steps taken to ascertain the scope and nature of the breach; the nature of the breach itself; the list of affected individuals; and any other relevant information relating to the incident.
- The Incident Response Team, as needed, shall include Temple University Police, and will indicate in the Incident Report whether delay in public notification is necessary for the purposes of investigation.
- The Chief Information Security Officer shall consult with the Chief Information Officer to determine if this is a Security incident, Privacy incident, or both.
- The Breach Declaration Team shall evaluate the Incident Report and make the final determination as to whether a Breach of Personal Information has occurred, and if so, what the appropriate response and relief should be.
- The Chief Information Security Officer, independent of or as appropriate to the outcome of the Breach Declaration Team, shall lead an effort to formulate a long-range plan to prevent recurrence of the incident.