Information Security Incident Management
Information Security Incident: An assessed occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system; or the information the system processes, stores, or transmits; or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.
The Information Security unit of Missouri State University will remain prepared to handle information security incidents until resolution.
Suspected or confirmed information security incidents must be reported to the University's Information Security Officer (ISO), or, in the ISO's absence, the Information Security Analyst.
The ISO will investigate the report, and if a breach of private, restricted or highly restricted information has occurred, will inform the Chief Information Officer (CIO). The CIO will inform University administration, and/or law enforcement, as appropriate. The ISO will take measures to contain the incident and begin the investigation and documentation process.
If an intrusion occurs but no private, restricted or highly restricted information is breached, the ISO will handle the incident by containing the intrusion and notifying the system owner and custodian for remedial action, as well as starting the investigation and documentation process.
In the event that a public notification of the security incident is warranted (e.g. a violation of governmental regulation, local decision to notify, etc.), the CIO will consult with the appropriate University Chancellor, Vice President(s), Provost, General Counsel, and/or Strategic Communication to develop the response.
The lessons learned from the incident response will be used to enhance processes, methods, and capabilities for future use.
Violations, or failures to report violations, may be subject to disciplinary action.
*Refer to the data definition section of the Information Classification Policy for classification levels and definitions.