Policy: Policy 8-2-6: Security Incident Response
Date Adopted: Jan 14, 2014
Department: Computing Services
Contact: Director
Statement:

The incident response policy provides directions and steps for identifying and reporting events and incidents that may impact Western Nevada College’s (WNC’s) operational, financial and reputational standing and/or the ability to comply with regulatory and legal requirements. The scope of the procedure applies to technical, environmental, or safety events.

 This policy provides an organizational approach to address and manage incidents that may create an impact for WNC.

Definitions:

Event: Any observable occurrence that is relevant to WNC; it can be business-related or IT-related, and accidental or intentional in nature. Any event that potentially could have a significant effect should be reported.

Incident: An event is declared an incident when it is found to jeopardize, or imminently jeopardizes, the safety, privacy, integrity or availability of WNC resources; may constitute a violation of law; violates WNC policies, standards and procedures.

Incident Severity Level Matrix: Defines levels of severity for incidents. See WNC Incident Severity Level Matrix below.

Internal Data: Data whose unauthorized disclosure, alteration, or destruction could result in a moderate level of risk to WNC/NSHE, e.g., contracts, agreements, business and financial information. This data is intended to be protected from external dissemination and public consumption because of business, regulatory, and ethical concerns.

Restricted Data: Data that is of a highly sensitive nature and whose inappropriate handling or disclosure could result in detrimental consequences for NSHE.

Section 1: Process Steps


  1. Report identified potential and actual events to the Information Security Officer (ISO). The ISO determines if the event should be investigated and classified as an incident according to the WNC Incident Severity Level Matrix.
  2. The ISO determines what resources and teams are required to handle the incident.
  3. The responsible team(s) will investigate and contain it according to its type and severity.
  4. After containment, remediation is implemented to ensure resources are stable.
  5. Once remediation is complete, recovery brings operations back to a normal state.
  6. The ISO submits a written report to the CIO describing the process used and the mitigating factors implemented, and follows up with a meeting to discuss lessons learned.

 Note: The ISO must provide status reports during each phase of the incident response procedure to the Director of Computing Services.

 

| Level | Incident Characteristics | Impact on NSHE Operations, Assets or Individuals | Notify ISO |
|---|---|---|---|
| High | WNC is no longer able to provide specific critical services to any users and/or data classified by the Board of Regents handbook as Restricted or proprietary information (protected or sensitive research, patents, trademarks, etc.) is compromised, lost or stolen. | The incident is expected to have a severe or catastrophic adverse impact. | Yes |
| Medium | WNC lost the ability to provide a critical service to a subset of users and/or data classified as Internal is compromised, lost or stolen. | The incident is expected to have a serious adverse impact. | Yes |
| Low | WNC can still provide all critical services to all users but lost efficiency and/or data classified as Internal and used by a department or individual is compromised, lost or stolen. | The incident could have a limited adverse impact. | No |
| None | There is no effect on WNC’s ability to provide services to all users and/or no information was compromised, lost or stolen. | There is no adverse effect. | No |

Date(s) Revised: May 3, 2024; February 11, 2014
Date(s) Reviewed:
NSHE Code(s):
NRS Code(s): 603A.220
NAC Code(s):
Code Statement:

References

*Please note that not all WNC Policies will be referenced in these documents.

WNC Data Classifications Levels