...

    • The theft or physical loss of computer equipment containing or suspected to contain Confidential Information
    • An unencrypted list of student names and social security numbers e-mailed to an unauthorized recipient
    • A firewall is accessed by an unauthorized entity
    • Printed copies of student loan applications are discovered in a publicly accessible dumpster.
    • The University has established procedures to coordinate response to and resolution of Security Incidents (see Incident Response Procedures). The Chief Information Officer with the Chief Information Security Officer will document all responsive actions taken in connection with any Security Incident and will work with the Suffolk Incident Response Team (SIRT) to conduct a mandatory post-incident review of events and actions taken, if any, to ensure that the University undertakes any change in business practices relating to the protection of Confidential Information.
    • Whenever necessary (e.g. in the event of a “Security Breach” as defined by M.G.L. c. 93H, s. 1), external notification (e.g. notification to affected individuals, government agencies and/or the media) shall be made as required by law, and appropriate remedial or preventative action shall be taken to protect individuals potentially affected by the Security Incident. Decisions concerning the University’s responsibilities with respect to external notification, and any appropriate remedial or preventative actions, shall be made by the Provost President in consultation with SIRT.

Procedures

...

    1. Discovery & Internal Reporting 
      Any University User who identifies an actual or potential Security Incident should report it promptly to the Information Security Officer (ISO) or by emailing securityincident@suffolk.edu. The user must secure the Confidential Information if he or she still has access to it.

    2. Assessment
      The CISO and the Chief Information Officer (CIO) will determine the likelihood that an actual Security Incident has occurred. If a Security Incident has occurred, the CIO or CISO will notify SIRT, which includes the President, Information Technology Services (ITS), Public Affairs, the General Counsel’s Office, and any other applicable department.

    3. Containment 
      SIRT will work with the applicable department to contain the Security Incident as soon as possible.

    4. Investigation
      SIRT will work with the applicable department to investigate the Security Incident and document all findings.

    5. Resolution and Review
      SIRT shall conduct a post Security Incident review of events and determine if changes should be made to mitigate risks and help prevent similar incidents.

    6. External Notification & Remedial and Preventative Actions
      Whenever necessary (e.g. in the event of a “Security Breach” as defined by M.G.L. c. 93H, s. 1), external notification (e.g. notification to affected individuals, government agencies and/or the media) shall be made as required by law, and appropriate remedial or preventative action shall be taken to protect individuals potentially affected by the Security Incident. Decisions concerning the University’s responsibilities with respect to external notification, and any appropriate remedial or preventative actions, shall be made by the Provost President in consultation with the SIRT.

    7. Documentation 
      The ISO will document all Security Incidents, as well as any and all subsequent actions taken to assess, notify, contain, investigate and resolve the Security Incident (as applicable).

...