{"id":1415,"date":"2024-07-24T17:03:09","date_gmt":"2024-07-24T17:03:09","guid":{"rendered":"https:\/\/www.tarleton.edu\/security-controls-catalog\/?page_id=1415"},"modified":"2024-09-06T20:43:13","modified_gmt":"2024-09-06T20:43:13","slug":"ir-8-incident-response-plan","status":"publish","type":"page","link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/incident-response-ir\/ir-8-incident-response-plan\/","title":{"rendered":"IR-8: Incident Response Plan"},"content":{"rendered":"\n<h1 class=\"wp-block-heading has-large-font-size\">IR-8: Incident Response Plan<\/h1>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>NIST Baseline: &nbsp;<\/strong>Low&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>Privacy Baseline:<\/strong> &nbsp;Yes&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>DIR Required By: &nbsp;<\/strong>07\/20\/2023&nbsp;<\/h2>\n\n\n\n<h2 class=\"wp-block-heading\" style=\"font-size:16px\"><strong>Review Date: &nbsp;<\/strong>07\/24\/2024&nbsp;<\/h2>\n\n\n\n<ul class=\"wp-block-list its-nested-list\">\n<li>Priorities for handling information security incidents are as follows:&nbsp;\n<ul class=\"wp-block-list\">\n<li>Protection of human life and safety;&nbsp;<\/li>\n\n\n\n<li>Protection of university data;&nbsp;<\/li>\n\n\n\n<li>Prevention of damage to systems and restoration of systems to routine operation as quickly as possible; and&nbsp;<\/li>\n\n\n\n<li>Collection and analysis of information to determine if a violation of Tarleton\u2019s Information Security Policies or the commission of a computer crime has occurred.&nbsp;<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Tarleton\u2019s Security Operations Center (SOC) Team \/ OITS Security Team&nbsp;\n<ul class=\"wp-block-list\">\n<li>Tarleton\u2019s SOC Team consists of a group of experienced security professionals and technicians with the authority and expertise to resolve a system incident.&nbsp; This team reports to the Tarleton Chief Information Security Officer (CISO) as part of the Tarleton Office of Innovative Technology Solutions (OITS).&nbsp;&nbsp;<\/li>\n\n\n\n<li>When a possible information security incident is reported, the Tarleton SOC team shall investigate the incident, analyze available data, and resolve the incident. Data collected during the investigation shall be maintained as needed in order to:\u00a0\n<ul class=\"wp-block-list\">\n<li>Assess changes necessary to avoid future incidents,&nbsp;<\/li>\n\n\n\n<li>Categorize the incident for reporting purposes, and&nbsp;<\/li>\n\n\n\n<li>Identify responsible parties.&nbsp;<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Tarleton\u2019s Incident Response Plan&nbsp;\n<ul class=\"wp-block-list\">\n<li>The Tarleton CISO or their designee will develop an information security incident response plan that:&nbsp;&nbsp;\n<ul class=\"wp-block-list\">\n<li>Provides Tarleton with a roadmap for implementing its incident response capability;&nbsp;&nbsp;<\/li>\n\n\n\n<li>Describes the structure and organization of the incident response capability;&nbsp;&nbsp;<\/li>\n\n\n\n<li>Provides a high-level approach for how the incident response capability fits into the overall organization;&nbsp;&nbsp;<\/li>\n\n\n\n<li>Meets the unique requirements of Tarleton and the Texas A&amp;M University System (TAMUS), which relate to mission, size, structure, and functions;&nbsp;&nbsp;<\/li>\n\n\n\n<li>Defines reportable incidents;&nbsp;&nbsp;<\/li>\n\n\n\n<li>Provides metrics for measuring the incident response capability;&nbsp;&nbsp;<\/li>\n\n\n\n<li>Defines the resources and management support needed to effectively maintain and mature an incident response capability; and&nbsp;&nbsp;<\/li>\n\n\n\n<li>Is reviewed and approved by the Tarleton Chief Information Officer (CIO).&nbsp;&nbsp;<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>The incident response plan will be distributed to the personnel responsible for information system restoration;&nbsp;&nbsp;&nbsp;<\/li>\n\n\n\n<li>The plan will be reviewed periodically and updated to address system changes or problems encountered during plan implementation, execution, or testing;&nbsp;&nbsp;&nbsp;<\/li>\n\n\n\n<li>Changes to the plan must be communicated to applicable incident response personnel;&nbsp;<\/li>\n\n\n\n<li>The plan must be protected from unauthorized disclosure and modification; and&nbsp;<\/li>\n\n\n\n<li>The incident response plan shall be included in the annual testing as described in <a href=\"https:\/\/www.tarleton.edu\/security-controls-catalog\/incident-response-ir\/ir-3-incident-response-testing\/\" data-type=\"page\" data-id=\"1213\">Control IR-3, Incident Response Testing<\/a>.&nbsp;&nbsp;<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator alignfull has-text-color has-tarleton-purple-color has-alpha-channel-opacity has-tarleton-purple-background-color has-background is-style-wide\"\/>\n\n\n\n<h3 class=\"wp-block-heading has-medium-font-size\"><strong>References\/Additional Resources<\/strong><\/h3>\n\n\n\n<p><a href=\"https:\/\/statutes.capitol.texas.gov\/Docs\/GV\/htm\/GV.2054.htm#2054.0591:~:text=Sec.%202054.518.%20%20CYBERSECURITY%20RISKS%20AND%20INCIDENTS.\" target=\"_blank\" rel=\"noreferrer noopener\">Section 2054.518, Government Code<\/a>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>IR-8: Incident Response Plan NIST Baseline: &nbsp;Low&nbsp; Privacy Baseline: &nbsp;Yes&nbsp; DIR Required By: &nbsp;07\/20\/2023&nbsp; Review Date: &nbsp;07\/24\/2024&nbsp; References\/Additional Resources Section 2054.518, Government Code&nbsp;<\/p>\n","protected":false},"author":1,"featured_media":580,"parent":1404,"menu_order":8,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"inline_featured_image":false,"advgb_blocks_editor_width":"","advgb_blocks_columns_visual_guide":"","footnotes":""},"class_list":["post-1415","page","type-page","status-publish","has-post-thumbnail","hentry"],"acf":[],"coauthors":[],"author_meta":{"author_link":"https:\/\/www.tarleton.edu\/security-controls-catalog\/author\/brian-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-2-3\/","display_name":"brian"},"relative_dates":{"created":"Posted 2 years ago","modified":"Updated 2 years ago"},"absolute_dates":{"created":"Posted on July 24, 2024","modified":"Updated on September 6, 2024"},"absolute_dates_time":{"created":"Posted on July 24, 2024 5:03 pm","modified":"Updated on September 6, 2024 8:43 pm"},"featured_img_caption":"","featured_img":false,"series_order":"","_links":{"self":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1415","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/comments?post=1415"}],"version-history":[{"count":0,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1415\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/pages\/1404"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/www.tarleton.edu\/security-controls-catalog\/wp-json\/wp\/v2\/media?parent=1415"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}