1. Purpose
These guidelines establish a structured approach to identifying, responding to, and mitigating information security incidents to minimize impact on Institutional Information and IT Resources while ensuring compliance with UC’s IS-3 policy.
2. Scope
These guidelines should be applied to all faculty, staff, researchers, and students who use, manage, or access Institutional Information and IT Resources within the department.
3. Incident Categories
- Low Impact Incidents: Minor security violations or misconfigurations with no sensitive data exposure.
- Medium Impact Incidents: Unauthorized access attempts, malware detections, or policy violations with potential risk.
- High Impact Incidents: Data breaches, compromised accounts, system-wide failures, or incidents requiring legal/regulatory reporting.
4. Incident Response Phases
- Identification: Detection of security events through monitoring tools, user reports, or system alerts.
- Containment: Immediate actions to prevent further damage, such as disabling compromised accounts or isolating affected systems.
- Eradication: Removal of threats, malware, or vulnerabilities that caused the incident.
- Recovery: Restoring affected services, ensuring system integrity, and verifying data security.
- Lessons Learned: Post-incident analysis to improve security controls and update response procedures.
5. Roles and Responsibilities
- Unit Information Security Lead (UISL): Coordinates incident response, ensures documentation, and reports incidents to UC leadership.
- IT Staff: Assists in containment, eradication, and recovery efforts.
- Faculty & Staff: Reports suspected security incidents promptly.
- Department Leadership: Provides oversight and ensures resource allocation for incident response.
6. Reporting and Escalation
- All security incidents must be reported to the UISL immediately.
- High-impact incidents must be escalated to the Chief Information Security Officer (CISO) and relevant UC authorities.
- Incidents involving sensitive data must follow UC’s breach notification procedures.
7. Compliance and Review
- These guidelines will be reviewed annually and updated as necessary to align with IS-3 and other UC security policies. The more detailed and up-to-date official UC policy can be found here.
For questions regarding these guidelines, contact the Unit Information Security Lead (UISL) at itcontact@bren.ucsb.edu