Information Security Incident Response Plan Procedure

 

Purpose

This plan guides how to respond to information security incidents at Hudson County Community College (HCCC). The plan identifies the roles and responsibilities of the HCCC incident response team and the steps to be taken in the event of an incident. The Information Security Incident Response Plan (ISIRP) aims to minimize the impact of an incident, preserve evidence for investigation purposes, and restore normal operations as quickly as possible.

Definitions

Incident: An event that results in a loss of confidentiality, integrity, or availability of information or information systems.

Response: The actions that are taken to mitigate the impact of an incident and restore the affected systems and data to their normal state.

Incident Response Team (IRT): The Incident Response Team (IRT) is responsible for implementing the ISIRP. The IRT consists of representatives from relevant departments, including but not limited to Information Technology Services (ITS), Finance (Risk Management), Legal Counsel, HR, and Communications. The IRT is responsible for coordinating the response to an incident and ensuring that all necessary resources are available.

Roles and Responsibilities

The IRT is responsible for the following:

  • Responding to incidents and mitigating their impact.
  • Investigating incidents and determining their cause.
  • Restoring systems and data that have been affected by an incident.
  • Communicating with stakeholders about incidents.
  • Logging and reporting incidents.

Incident Reporting

All suspected or confirmed information security incidents must be reported to ITS immediately. ITS will then assess the report and determine whether it is a security incident. If it is, ITS will escalate it to the IRT.

Response Steps

Incident Categorization:

The IRT will categorize the incident based on its severity and impact. The categories are as follows:

Category 1: Minor Incident - No significant impact on the college or its operations.
Category 2: Moderate Incident - Limited impact on the college or its operations.
Category 3: Major Incident - Significant impact on the college or its operations.
Category 4: Critical Incident - Severe impact on the college or its operations.

Incident Response by Category:

The IRT will respond to an incident according to its category, as follows:
Category 1: No formal response is required.
Category 2: The IRT will investigate the incident and take appropriate action to contain and mitigate the incident.
Category 3: The IRT will coordinate with relevant departments and external resources, such as law enforcement and cybersecurity experts, to investigate the incident and take appropriate action to contain and mitigate the incident.
Category 4: The IRT will implement the HCCC Emergency Management Plan, which outlines the steps to follow during a significant crisis.

ISIRP Steps for IRT to Follow

The IRT will follow these steps in the event of an incident:

  1. Respond to the incident report.
  2. Mitigate the impact of the incident.
  3. Categorize the effects on the above scale.
  4. Investigate the incident.
  5. Determine the cause of the incident.
  6. Restore systems and data that have been affected by the incident.
  7. Communicate with stakeholders about the incident.
  8. Log and report the incident.

Tools and Resources

The IRT will use the following tools and resources to respond to incidents:

  • Security software: Sophos, CrowdStrike
  • Data backup and recovery systems: Cohesity, Arcserve, OneDrive
  • Communication channels: Email, Text, Social Media
  • Third-party cybersecurity experts: NJ Edge, CyberSecOp, Cybersecurity Insurance consultants

Testing and Training

The IRT will test and train regularly on the procedures and tools in place.

Communication Plan

The IRT will communicate with the following stakeholders in the event of an incident:

  • Students
  • Faculty
  • Staff
  • Media
  • Law enforcement
  • Regulatory agencies

Metrics and Reporting

The IRT will document all aspects of the incident, including but not limited to the incident type, severity, impact, response, and resolution. Documentation will be stored securely and accessible only to authorized personnel.

The IRT will collect and analyze the following metrics related to incidents:

  • Number of incidents
  • Cost of incidents
  • Time to recover from incidents

The Associate Vice President for Technology and CIO will report on these metrics to the HCCC Board of Trustees.

Review and Update

The AVP CIO will review the ISIRP annually and update it to reflect the changing security landscape and HCCC's evolving needs.

Approved by Cabinet: May 2023
Related Board Policy: Information Technology Services
