General Policies
University Policy Number 1305
Subject: Reporting Electronic Security Incidents
Responsible Parties: Information Technology Unit
Procedures: Users, Network and Server Administrators, CSIRT
Related University Policies: Responsible Use of Computing 1301, Data Stewardship 1114, and Reporting of Crimes, Accidents, Fires and Other Emergencies 1404
I. SCOPE
Administrative Policy Number 1305 applies to all academic and operational departments and offices at all university locations, owned and leased. The policies and procedures provided herein apply to all university faculty, staff, students, visitors and contractors.
II. POLICY STATEMENT
Users of information technology devices connected to the Mason network
shall report all electronic security incidents promptly and to the appropriate
person or office.
The network constitutes a substantial university resource, and the University’s
missions rely significantly on a secure electronic communications network.
Prompt and consistent reporting of electronic security incidents protects
and preserves these resources and aids the University’s compliance
with applicable state and federal laws.
III. DEFINITIONS
Computer Security Incident Response Team (CSIRT): Specially
trained technical individuals who are designated to be responsible for
first response to suspected electronic security incidents. As part of
their first response, they take all possible measures to preserve the
evidence.
Electronic Security Incident: Electronic activities,
such as “hacking” or a compromised or abused computer, that
result in damage to or misuse of the Mason network or a device connected
to it. Routine detection and remediation of a “virus,” “worm,”
or similar issue that has little impact on the day-to-day business of
the University is not considered an Incident under this policy.
Information Technology Device: Any device involved with
the processing, storage, or forwarding of information making use of the
Mason information technology infrastructure or attached to the Mason network.
These devices include, but are not limited to, laptop computers, desktop
computers, personal digital assistants, and network devices such as routers
and switches, and printers.
IP Address: Internet Protocol Address is a unique number
associated with a device used for the routing of traffic across the Internet
or another network.
ITU Support Center: The Support Center provides technical
support for computing, network, and phone issues for the University community.
It also serves as the first point of contact for reporting problems with
computers, computer accounts, phones, and networks on campus.
Security Liaisons (SLs): Point of contact within each
University unit for the unit’s staff to report security incidents,
suspected and real.
User: An individual who uses an information technology
device.
IV. RESPONSIBILITIES
User: Reports actual or suspected electronic security
incidents to ITU Support Center at 703-993-8870. Stops using the computer
immediately, understanding that continued use may inadvertently damage
potential evidence in the event the electronic security incident becomes
part of a criminal case.
ITU Support Center: Collects appropriate information
for suspected electronic security incidents. Notifies the CSIRT of reported
electronic security incidents.
ITU Network Engineers and Server Administrators: Collects
appropriate information regarding devices compromised by electronic security
incidents.
· Disables the port of the affected information technology device, if appropriate.
· Notifies the CSIRT of electronic security incidents.
CSIRT: First response and evidence preservation. Opens, manages, and closes problem reports for electronic security incidents.
· Contacts the users and/or systems administrators of compromised devices.
· Communicates to users, Network Engineers, Server Administrators, and/or SLs any actions that need to be taken and the reasons for them, the steps required to reestablish services, and any relevant technical information about the incident.
· Notifies the Chief Information Officer within 24 hours of an investigation.
Chief Information Officer (CIO): Reports events deemed to meet the definition of significant incident to Virginia Information Technology Agency (VITA) per the Code of Virginia § 2.2-603.G.
· Notifies appropriate law enforcement agencies when a crime is suspected.
V. COMPLIANCE
Failure to honor the requirements set forth in this policy may result
in disciplinary or administrative action.
VI. EFFECTIVE DATE AND APPROVAL
The policies herein are effective September 1, 2006. This policy and
its procedures shall be reviewed at least annually to adjust processes
and to identify new risks and remediation.
Approved:
_______________________
Maurice W. Scherrens
Senior Vice President
________________________
Peter N. Stearns
Provost
Date approved: September 5, 2006