RCIT-08 Reeves County Information Security Incident Response Plan

Policy Title: RCIT Reeves County Information Security Incident Response Plan

Policy Number: RCIT-08

Effective Date: 09/01/2022

Purpose: Define Security Incident Response Plan

Regulation Reference:

Rev: 1.202204

         

 

IT Reeves County Information Security Incident Response Plan

 

Policy Statement:

This Information Security Incident Response Plan is established to effectively respond to incidents compromising the confidentiality, integrity, or availability of business and Protected Information within IT Reeves County. The plan aims to minimize potential risks to the institution, its employees, clients, and third parties in the event of data loss or unauthorized use of IT resources. It operates in collaboration with the institution's Security Plan and other policies to safeguard, detect, and contain data incidents.

 

Guidelines:

 

A. Information Security Incident Response Team:

1. The institution maintains a multi-disciplinary Information Security Incident Response Team, responsible for implementing, reviewing, testing, and modifying the Incident Response Plan.

2. Clear lines of authority and communication within the team are communicated to all institution personnel through frequent security training.

 

B. Annual Evaluation:

1. The Information Security Incident Response Team undergoes an annual evaluation, considering benchmarking, discussions with management and staff, surveys, and third-party audit recommendations.

2. Evaluation criteria include reported incidents, response time, successful resolutions, provided updates, and effectiveness of controls.

 

C. Reporting a Suspected Incident:

1. Users must report any suspected incident to the institution's Help Desk using an Incident Response Discovery form.

2. Definitions for incidents and Protected Information are established to determine reportable events.

 

D. Incident Assessment and Analysis:

1. The Information Security Incident Response Team conducts a thorough investigation, considering incident type, emergency status, internal or external origin, targeted threat, evidence preservation, and estimated severity.

2. An incident flow-chart outlines the reporting and response process, and a Ransomware/Malware/PUPs Playbook is followed for specific incident types.

 

E. Notification:

1. The Incident Response Team notifies the CEO, Board of Directors, Cybersecurity, Legal, Risk Management Divisions, service providers, law enforcement, and affected parties if warranted.

2. External notifications are made in consultation with legal authorities, considering the facts and risks involved.

 

F. Policy Administration and Enforcement:

1. The IT Department administers and implements the Information Security Incident Response Plan.

2. Violations may result in disciplinary actions, including access restrictions, termination, and potential legal consequences. The policy works in conjunction with employment terms outlined in collective bargaining agreements.