Security Incident Management Policy Template

Download Free Security Incident Management Policy Template
Incident Management Standard
- Computer Incident Response Team (CIRT) members have pre-defined roles and responsibilities which can take priority over normal duties.
- Whenever a security incident, such as a virus, worm, hoax email, discovery of hacking tools, altered data, etc., is suspected or confirmed, the appropriate Incident Management procedures must be followed.
- The Information Security Officer is responsible for notifying the Information Risk Manager (IRM) and the Computer Incident Response Team (CIRT) and initiating the appropriate incident management action including restoration as defined in the Incident Management Procedures.
- The Information Security Officer is responsible for determining the physical and electronic evidence to be gathered as part of the Incident Investigation.
- The appropriate technical resources from the Computer Incident Response Team (CIRT) are responsible for monitoring that any damage from a security incident is repaired or mitigated and that the vulnerability is eliminated or minimized where possible.
- The Information Security Officer, working with the Information Risk Manager (IRM), will determine if a widespread Company communication is required, the content of the communication, and how best to distribute the communication.
- The appropriate technical resources from the Computer Incident Response Team (CIRT) are responsible for communicating new issues or vulnerabilities to the system vendor and working with the vendor to eliminate or mitigate the vulnerability.
- The Information Security Officer is responsible for initiating, completing, and documenting the incident investigation with assistance from the Computer Incident Response Team (CIRT).
- The Company Information Security Officer is responsible for reporting the incident to the:
  - Information Risk Manager (IRM)
  - Department of Information Resources as outlined in TAC 202
  - Local, state or federal law officials as required by applicable statutes and/or regulations
- The Information Security Officer is responsible for coordinating communications with outside organizations and law enforcement.
- In the case where law enforcement is not involved, the Information Security Officer will recommend disciplinary actions, if appropriate, to the Information Risk Manager (IRM).
- In the case where law enforcement is involved, the Information Security Officer will act as the liaison between law enforcement and Company.

Policy Principle
- All personnel are responsible for managing their use of IR and are accountable for their actions relating to IR security. Personnel are also equally responsible for reporting any suspected or confirmed violations of this policy to the appropriate management.
- The use of IR must be for officially authorized business purposes only. There is no guarantee of personal privacy or access to tools such as, but not limited to, email, Web browsing, and other electronic discussion tools. The use of these electronic communications tools may be monitored to fulfill complaint or investigation requirements. Departments responsible for the custody and operation of computers (custodian departments) shall be responsible for proper authorization of IR utilization, the establishment of effective use, and reporting of performance to management.
- Any data used in an IR system must be kept confidential and secure by the user. The fact that the data may be stored electronically does not change the requirement to keep the information confidential and secure. Rather, the type of information or the information itself is the basis for determining whether the data must be kept confidential and secure. Furthermore, whether this data is stored in a paper or electronic format, or is copied, printed, or electronically transmitted, the data must still be protected as confidential and secured.
- Custodian departments must provide adequate access controls in order to monitor systems to protect data and programs from misuse in accordance with the needs defined by owner departments. Access must be properly documented, authorized and controlled.
- All commercial software used on computer systems must be supported by a software license agreement that specifically describes the usage rights and restrictions of the product. Personnel must abide by all license agreements and must not illegally copy licensed software. The Information Risk Manager (IRM) through IS reserves the right to remove any unlicensed software from any computer system.
- The Information Risk Manager (IRM) through IS reserves the right to remove any non-business related software or files from any system. Examples of non-business related software or files include, but are not limited to, games, instant messengers, POP email, music files, image files, freeware, and shareware.

Disciplinary Actions
Violation of this policy may result in disciplinary action, which may include termination for employees and temporaries; termination of the employment relationship in the case of contractors or consultants; dismissal for interns and volunteers; or suspension or expulsion in the case of a student. Additionally, individuals are subject to loss of Company Information Resources access privileges and to civil and criminal prosecution.
