Security Incident Response Procedure

Description

The Library and Technology Services organization has established a Security Incident Response Tracking Procedure to capture and track security incidents.

Scope

This procedure applies to the Technology Infrastructure & Operations and Security organizations. The procedure should be used for capturing and tracking information related to security incidents such as DDoS, unusual activity found in our monitoring tools, or incidents that are discovered using our tools. The purpose is to capture and store information from the investigation after the incident. 

This process should not be used for private or sensitive investigations by the CISO, as there is a separate process to handle private and legal investigations.

Only Technology Infrastructure & Operations, Security, CISO, and the CTO will have access to the Security Incidents project in Jira.

Incident Response Procedure

When a security incident is in progress, keep good notes and logs to be stored after the investigation is over. When the security incident is over, we will capture and track data in Jira following the steps below.

  1. Log into the Security Incidents project in Jira at https://lehigh.atlassian.net/secure/RapidBoard.jspa?projectKey=SI&rapidView=191

  2. Enter detailed information into the description.

  3. Upload any related documentation and logs.

  4. Whoever worked on the incident should be the assignee.

  5. After the task is created, if there are no further updates, mark the task as Done. Otherwise, keep it open and update it until completed.

Revision History

Date          Version  Description        Approval
Feb 28, 2022  1.0      Original Document  Approved