








Incident Response Process
- INITIAL RESPONSE
If a breach of security
is suspected on a computing system that contains or has network access
to unencrypted protected data, the Data Custodian will immediately:
  - Remove the computing system from the campus network.
  - Conduct a local analysis of the breach to determine the number
    of individuals whose protected data may have been acquired.
  - Notify the Data Proprietor and the Responsible Administrative
    Official if there is a reasonable belief that protected data may
    have been acquired, regardless of the quantity of information that
    might have been compromised.
- INITIAL NOTIFICATION OF LEAD CAMPUS AUTHORITY
If the Data Custodian and Data Proprietor agree that protected data
may have been compromised, the Data Proprietor should contact the C&C
Network Operations Center at 827-4100 to report that a potential security
breach has occurred and to request immediate notification of the Lead
Campus Authority. Additional information should be sent via e-mail to
security@ucr.edu and the Data
Proprietor should quickly contact the appropriate Responsible Administrative
Official.
- INITIAL ANALYSIS OF SECURITY BREACH
C&C will examine the evidence of a breach with the Data Custodian to
assess the possibility that unencrypted protected data has been acquired
by an unauthorized source and report their conclusions to the Lead Campus
Authority.
- UCOP AND CAMPUS NOTIFICATION OF SECURITY BREACH
If, after consulting with C&C security staff and the Data Custodian,
the Lead Campus Authority is reasonably certain that a security breach
has occurred, the Lead Campus Authority will immediately report the
breach to the Associate Vice President for Information Resources and
Communications at the Office of the President as well as the UCR Police
Department. Notification will also be sent to UCR's Executive Vice Chancellor
and Provost, Vice Chancellor of Administration, Locally Designated Official
(see below), and the Responsible Administrative Official.
- LOCALLY DESIGNATED OFFICIAL (LDO) NOTIFICATION
If an improper governmental act is alleged or suspected, as defined
in California Government Code Section 8547.2, the Lead Campus
Authority will notify the LDO in accordance with Campus Policy Number
650-90 on Reporting and Investigating Allegations of Suspected Improper
Governmental Activities.
- RECOMMENDATION CONCERNING NOTIFICATION TO INDIVIDUALS IMPACTED BY THE SECURITY BREACH
The Lead Campus Authority
will bring together the appropriate Responsible Administrative Official,
Audit and Advisory Services, UCR's Director of Financial Controls and
Accountability, and the Vice Chancellor of Administration to make a
determination whether criteria for notification under California Civil
Code 1798.29, 1798.82 have been met and to determine the means of notification,
if such notification is required (e.g., e-mail, postal mail, or web
site notice, consistent with UCOP Notification Procedures). An incident
report and suite of recommendations will be prepared for the Executive
Vice Chancellor's review.
- NOTIFICATION TO INDIVIDUALS IMPACTED BY THE SECURITY BREACH
After obtaining the EVC's approval, the Lead Campus Authority will work
with the Data Proprietor to ensure that the notification procedure is
executed.
An incident report will be submitted to the Executive Vice Chancellor.