Security Incident Response Procedure
Description
The Library and Technology Services organization has established a Security Incident Response Tracking Procedure to capture and track security incidents.
Scope
This procedure applies to the Technology Infrastructure & Operations and Security organizations. The procedure should be used for capturing and tracking information related to security incidents such as DDoS, unusual activity found in our monitoring tools, or incidents that are discovered using our tools. The purpose is to capture and store information from the investigation after the incident.
This process should not be used for private or sensitive investigations by the CISO, as there is a separate process to handle private and legal investigations.
Only Technology Infrastructure & Operations, Security, CISO, and the CTO will have access to the Security Incidents project in Jira.
Incident Response Procedure
When a security incident is in progress, keep good notes and logs to be stored after the investigation is over. When the security incident is over, we will capture and track data in Jira following the steps below.
Log in to the Security Incidents project in Jira at https://lehigh.atlassian.net/secure/RapidBoard.jspa?projectKey=SI&rapidView=191
Enter detailed information into the description.
Upload any related documentation and logs.
Whoever worked on the incident should be the assignee.
After the task is created, if there are no further updates, mark the task as Done. Otherwise, keep it open and update it until completed.
Revision History
Date | Version | Description | Approval |
---|---|---|---|
Feb 28, 2022 | 1.0 | Original Document | Approved |