Add to collection(s) Add to saved
  1. No category

8.1.1 Procedures for Responding to Security Violations (K12)

advertisement 
D EP AR T MEN T OF T ECH NO L O GY
S T AN D AR DS AN D P R O CE DUR ES M AN UAL
TOPIC 8.1.1 – PROCEDURES FOR RESPONDING TO SECURITY VIOLATIONS
Page 1 of 4
Incident Management
Detection, handling and reporting of security incidents, incident notification
PART ONE: PRELIMINARY INFORMATION
I.
Purpose and Scope
The purpose of this topic is to apprise DOT staff members of the actions that
constitute security violations and the standard DOT response to such occurrences.
II.
Responsibility
The computer security specialist is responsible for developing these procedures and
for making this information available to all DOT employees. The computer
security specialist is also responsible for keeping abreast of current forensic
techniques and tools required to conduct appropriate security violation
investigations.
All DOT employees are responsible for being knowledgeable of the actions that
constitute security violations and the prescribed procedures for responding to and/or
addressing such occurrences.
III.
Background Information
DOT requirement based on School Board Policies 6-62 and 6-64 with
accompanying regulations.
Violations are divided into three categories that escalate in degree of seriousness or
potential for harm to the System from Level One to Level Three.
D EP AR T MEN T OF T ECH NO L O GY
S T AN D AR DS AN D P R O CE DUR ES M AN UAL
TOPIC 8.1.1 – PROCEDURES FOR RESPONDING TO SECURITY VIOLATIONS
Page 2 of 4
PART TWO: PROCEDURES FOR RESPONDING TO SECURITY VIOLATIONS
I.
Level One violations include actions that take place within the division during the
normal course of business.
A.
B.
II.
Level One: Examples
1.
Being logged in to an unattended computer with no password protection
in place
2.
Sharing passwords
3.
Using unauthorized software as defined in School Board Regulation 662.1
Level One: Standard DOT Response
1.
Technicians report the violation to the individual involved using the
yellow Violation Notice.
2.
All other DOT employees (i.e., coordinators, administrators) verbally
report the violation to the individual involved.
Level Two violations involve inappropriate actions initiated inside or outside of the
firewall.
A.
B.
Level Two: Examples
1.
Receipt of email viruses
2.
Receipt or distribution of inappropriate email
3.
Receipt or distribution of inappropriate content
Level Two: Standard DOT Response
1.
Immediately upon discovery, report the occurrence to the Help Desk .
D EP AR T MEN T OF T ECH NO L O GY
S T AN D AR DS AN D P R O CE DUR ES M AN UAL
TOPIC 8.1.1 – PROCEDURES FOR RESPONDING TO SECURITY VIOLATIONS
Page 3 of 4
2.
III.
The Help Desk will assign the call to Technical Services or the computer
security specialist as appropriate.
a.
The computer security specialist will address all email or I-Gear
filtering issues.
b.
Technical Services will address all other issues.
Level Three violations include deliberate attacks on the VBCPS system initiated
internally or externally.
A.
B.
Level Three: Examples
1.
Hack attempts
2.
Data theft
3.
Inappropriate use of division-owned data
4.
Deliberate introduction of a computer virus, worm, Trojan horse, or
other malicious code and /or logic into VBCPS computer systems
5.
Decoding of passwords/user ids
Level Three: Standard DOT Response
1.
Immediately upon discovery, report all suspected occurrences to the
computer security specialist via email or telephone. The report should
include the location of the computer (building and room number), the
barcode, make and model of the computer, and the name of the person
logged in if known.
2.
Ensure that the computer is removed from the network and isolated from
everyone at the site.
D EP AR T MEN T OF T ECH NO L O GY
S T AN D AR DS AN D P R O CE DUR ES M AN UAL
TOPIC 8.1.1 – PROCEDURES FOR RESPONDING TO SECURITY VIOLATIONS
Page 4 of 4
3.
The computer security specialist will take the following actions:
a.
Examine the computer and collect evidence.
b.
Create a report based on collected evidence.
c.
Submit a report to the principal/department head with a copy to the
CIO.
PART THREE: TOPIC HISTORY
Review Schedule: Annual
ACTION
Topic originally prepared
BY
Paul Roxer
DATE
April 2003
Related documents
Based on the Federal Sentencing Guidelines
Based on the Federal Sentencing Guidelines
Understanding the period Do a Google image search on such terms
Understanding the period Do a Google image search on such terms
SocialWebPolicy1_1209
SocialWebPolicy1_1209
Salem-Witchcraft-Dot-Game
Salem-Witchcraft-Dot-Game
Whistleblower Policy - Twin Lakes Literacy Council
Whistleblower Policy - Twin Lakes Literacy Council
Grade level: 9th grade biology
Grade level: 9th grade biology
ADC Proposal Explanatory Letter
ADC Proposal Explanatory Letter
The DRC at Tier 1
The DRC at Tier 1
Enforcement and Fine Policy
Enforcement and Fine Policy
Ministry of Health of the Republic of Kazakhstan Higher School of
Ministry of Health of the Republic of Kazakhstan Higher School of
Download
advertisement