MUSC Information Security Standards: Incident Response

Author: Richard Gadsden
Contact: gadsden@musc.edu
Version: 0.2
Date: 23 May 2005
Status: DRAFT

Contents

1. Purpose and Scope

The purpose of these standards is to document the minimum requirements for responding to information security incidents that affect or involve any MUSC information asset, and/or any device that is connected to MUSC's network.

2. Applicable MUSC Policies

3. Standards

3.1. MUSC Computer Security Incident Response Team (CSIRT)

The CSIRT is responsible for:

  • coordination of incident response activities across the MUSC enterprise
  • analysis of attacks, intrusions and other incidents
  • monitoring of intrusion detection systems (IDS)
  • coordination of security incident documentation, and all incident-related communications
  • assisting with recovery of systems when appropriate

All security incidents that affect or involve any MUSC information assets must be reported to the CSIRT.

3.2. System Owners and Administrators

If an MUSC system, or any system connected to MUSC's network, is involved in or affected by a security incident, then the System Owner and/or the System Administrator is expected to coordinate all incident response activities with the MUSC CSIRT.

3.3 Workforce Members

All workforce members are required to follow the Computer Security Incident Reporting Procedures to report any known or suspected security breach or compromise that involves or affects any MUSC system. Workforce members must also report, through appropriate channel(s), any serious vulnerability that is observed to affect an MUSC system.

3.4 Incident Reporting

All security incidents that affect or involve any MUSC information assets must be reported to the MUSC CSIRT, following the procedures defined in the Computer Security Incident Reporting Procedures.