Data Incident Response
IT will respond to all reported security incidents. As the incident reporter, you will be kept informed and involved in the incident response process. The response will follow this general format:
1. Severity
This is a data gathering step and may consist of both personnel and technological processes to determine the severity of the incident.
2. Response Team
An ad-hoc response team consisting of the data steward/owner, appropriate department head(s), IT security, IT management, area User Support Specialist, Legal Counsel, and if appropriate, the critical incident team, will be formed if deemed appropriate.
3. Exposure
The incident reporter and response team will determine the depth and breadth of the exposure.
4. Notification
Affected individuals will be notified via normal campus communication channels. Any communication with mass media outlets will be handled by the Public Affairs office.