POLICY TITLE:     IT Security Incident Escalation
POLICY #: IT - 06
DATE DRAFTED: 03/20/02
APPROVED DATE: 04/03/02
REVISION DATE: 10/20/2011, 03/31/2014
BRIEF DESCRIPTION: Provides guidance in determining the proper response to a misuse of or attack on IT resources from within or outside the University.

Introduction | Policy Scope | Policy Statement | Related Policies | Policy Home

Introduction:
This policy provides guidance in determining the proper response to a misuse of IT resources from within or outside the University. It documents where to report problems and when to involve University administration, judicial representatives, and legal representatives. It also documents the individuals designated for these responsibilities, and procedural details, which depend on the severity and source of the attack.

Scope:
Attacks on University IT resources are serious infractions of the Acceptable Use of Information Technology Resources policy, and misuse or vandalism of University resources. We must pay particular attention to the education of our community with regard to proper behavior in these matters. Serious attacks on University resources will not be tolerated, and this policy provides a method for pursuing the resolution and follow-up for incidents.

Policy Statement:

The entity responsible for support of the system or network that has been compromised or is under attack is in all cases expected to:

  1. Report the incident to the Chief Information Security Officer (see Attachment 2)
  2. Take action at the direction of the Chief Information Security Officer to contain the problem, and block or prevent escalation of the attack, if possible
  3. Remediate changes, and repair the resulting damage
  4. Restore service to its former level, if possible
  5. Preserve evidence, as directed by the Chief Information Security Officer, where its deemed appropriate

Incident Scenarios Summary

Short Term Duration /Minor Damage Long Term Duration /Major Damage
Source Originates Inside University of Iowa Report to Information Security & Policy Office

Assist in investigation as necessary

Remediate or repair breach (close)

Report to judicial representative for sanctions

Report to Information Security & Policy Office Preserve evidence

Stop/Repair breach (close)

Notify service provider(s)

Report to CIO

Report to judicial representative and/or General Counsel and/or Public Safety for follow-up

Source Originates Outside University of Iowa
Report to Information Security & Policy Office

Repair breach (close)

Send notice/complaint to service provider(s) if possible

Report to Information Security & Policy Office

Preserve evidence

Notify service provider(s)

Pinpoint source if possible

Stop/Repair breach (close)

Report to CIO

Report to General Counsel and/or Public Safety for follow-up

Related Policies, References and Attachments:
This collection of University of Iowa Information Technology policies and procedures contain acceptable use, security, networking, administrative, and academic policies that have been developed to supplement and clarify University of Iowa policy.
They are incorporated into the University of Operations Manual (http://www.uiowa.edu/~our/opmanual/index.html) by reference, per the Policy on Acceptable Use of Information Technology Resources.
  1. Acceptable Use of Information Technology Resources Policy
  2. Computer Security Breach Notification Policy
Procedures for handling a computer system compromise incident
IT Security Best Practices

Attachment 1 - DETAILED RESPONSES:
Short Term Attack and/or with Minor Damage

Long Term Attack and/or with Major Damage

Attachment 2 - CONTACTS:

Enterprise IT Security Representatives:

Jane Drews, Chief Information Security Officer, Information Security & Policy Office
it-security@uiowa.edu | (319)335-6332

Jeffery Vossenkemper, IT Security Officer, UI Healthcare Information Systems
itsecurity-hcis@uiowa.edu | (319) 356-0071

IT Management:
Steve Fleagle, Associate Vice President and CIO, The University of Iowa
Rex Pruess, Senior IT Director, ITS Enterprise Infrastructure

Lee Carmen, Associate Vice President and CIO, UI Healthcare Information Systems
Patrick Duffy, Senior IT Director, UI Healthcare Information Systems

Judicial Representatives:

Students:  Division of Student Life, (319) 335-3557
Tom Rocklin, Vice President for Student Life

Faculty:  Tom Rice, Associate Provost for Faculty
P. Barry Butler, Executive Vice President and Provost