|TITLE: Information Security||ID:|
|ORIGINATOR: Information Security Office||DATE: Jan 5, 2005|
|REVIEWED: President's Council||DATE: Feb 16, 2005|
|APPROVED: Raymond S. Greenberg, MD, PhD||DATE: Feb 16, 2005|
|IMPLEMENTATION: Enterprise-wide||DATE: Feb 16, 2005|
Please refer to MUSC Information Security Rationale: The Need for Safeguards for an overview of the legal and ethical considerations that have motivated the development of this policy. The following laws and regulations have particular relevance:
Because not all information security incidents can be prevented, MUSC requires an incident response capability that achieves these goals:
MUSC's Computer Security Incident Response Team (CSIRT) is responsible for:
In concert with MUSC management and the Owner(s) of affected System(s), the CSIRT ensures a coordinated response, involving the Enterprise ISO, the appropriate Entity IACO(s), IT support, Legal Counsel, Public Relations, Human Resources, Risk Management, Public Safety, and Engineering and Facilities resources needed to resolve each incident.
Each MUSC workforce member is required to ensure that any known or suspected incident is promptly reported to the CSIRT. Incidents may be reported 24x7x365, using the procedures documented in the Computer Security Incident Reporting Procedures.
This policy will be maintained and published electronically by the Information Security Office. This policy is a public document and there are no restrictions on its distribution.