Effective Date: November 21, 2011
Date Last Reviewed: December 10, 2019
Issuing Authority: Chief Information Security Officer
The Computer Incident Reporting Procedure provides a series of channels through which incidents can be reported, investigated, tracked, and administratively reviewed to ensure Temple University information assets and/or infrastructure are protected. The Office of Information Security will be the primary responder to the incidents. Other departments will assist as the need arises.
* AFTER NOTIFYING THE OFFICE OF INFORMATION SECURITY, IT IS ESSENTIAL TO FOLLOW THE INSTRUCTIONS OF THE RESPONSE TEAM. TECHNOLOGY DEVICES MUST NOT BE USED, TURNED OFF OR ON, OR CHANGED IN ANY MANNER THAT MAY COMPROMISE EVIDENCE OR THE INVESTIGATION.
Examples of the types of incidents that should be reported appear below:
- Any suspected hacking or intrusion attempts
- Suspicion of a password compromise
- Harassment by e-mail
- Violation of any technology policy
- Critical issues should be reported immediately to your manager and the Office of Information Security. Follow the contact list below for the Office of Information Security.
- Critical issues involving notification of an intrusion from our Intrusion Detection Systems or Network logging facilities should be brought to the attention of the Information Security Department immediately.
Information Security Department Contact Information:
- Office of Information Security – Seth Shestack, 215-204-5884
- Escalation Manager – Larry Brandolph, CISO, 215-204-7077
- firstname.lastname@example.org (Office of Information Security departmental e-mail)
- Escalation for all of Information Technology Services – Cindy Leavitt, Vice President Information Technology Services and Chief Information Officer, 215-204-7077 or email@example.com
- Non-critical issues should be reported to the following management personnel by telephone, e-mail, in person, or via the TUhelp system:
- Your immediate supervisor within assigned Department
- Help Desk (tuhelp.temple.edu / 215-204-8000)
- Office of Information Security (Seth Shestack, 215-204-5884)
- Human Resources (if University policy or codes have been broken)
- Technical issues
The Help Desk will refer the matter to the appropriate Information Technology Services personnel through the TUhelp system.
- Non-technical issues
The Help Desk will refer the matter to an Information Security Office person through the TUhelp system.
- The Chief Information Security Officer, as appropriate, shall activate and lead its Incident Response Team following the report of a suspected event or incident.
- After notifying the Office of Information Security, it is essential to follow the instructions of the response team.
- The Incident Response Team shall proceed to assess the nature and scope of the incident and identify what data/systems/services have been accessed or misused.
- The Incident Response coordinator will contact the Privacy Officer to review whether there needs to be a breach declaration, if the event is solely privacy or a combination of both.
- System owners, working in full cooperation with the Incident Response Team, shall provide the necessary resources to take appropriate steps in order to contain and control the incident, to prevent further unauthorized access such as monitoring or suspending access, and to preserve records and other evidence.
- The Incident Response Team shall create an Incident Report that will document the facts surrounding the incident, the steps taken to mitigate any immediate threat, the steps taken to ascertain the scope and nature of the breach, the nature of the breach itself, the list of affected individuals and any other relevant information relating to the incident.
- The Incident Response Team, as needed, shall include Temple Legal Counsel, Temple University Police, Risk Management, outside law enforcement or other areas of the University affected.
- The Breach Declaration Team shall evaluate the Incident Report and make the final determination as to whether a Breach of Personally Identifiable Information (PII) has occurred.
- The Chief Information Security Officer, independent of, or as appropriate to, the outcome of the Breach Declaration Team, shall lead an effort to formulate a long-range plan to prevent recurrence of the incident.