Information Security Response Team

For any event involving a possible data security breach or loss of student, faculty or staff confidential or private information, immediately notify the Information Security Response Team (ISRT) for evaluation. This group consists of:

  • Associate Director of Network and Infrastructure (3644)
  • General Counsel (3283)
  • Director of Human Resources (3398)
  • Registrar (3248)
  • Executive Director of Communications (3112)
  • Director of IT Operations (3152)

Information Security Response Team (ISRT)

  • The Information Security Response Team will be notified of the reported event and will meet to review and evaluate the reported potential breach or loss of information.
  • The ISRT team member initially notified will immediately notify IT via a submission to the service desk system so that:
    1. IT can enforce necessary campus policies and procedures and enact all available technical procedures to limit exposure of loss.
    2. Secure evidence for analysis by state and local authorities if necessary.
  • The Information Security Response Team members will determine if notification to impacted individuals is necessary. Decision criteria include:
    1. A confirmation that an incident occurred, involving confidential or private data loss.
    2. An interpretation by General Counsel in terms of applicable laws.
    3. An analysis of data in scope of event and qualification of whether data is useable if accessed, i.e. unencrypted or non-redacted.
    4. A reasonable belief that data in question was or can be acquired by unauthorized individuals for misuse
  • The Information Security Response Team will also:
    1. Communicate to other emergency response constituents, i.e. Cabinet, Security, Facilities in accordance with the broader Emergency Response plan.
    2. Contact Beasley Breach Response to engage support within service level agreement.
    3. Communicate with leadership for input and follow-up.

Executive Director of Communications

  • Develop a notification plan based on action steps recommended by the Information Security Response Team. This potentially includes but is not limited to:
    1. Communication to campus
    2. Written notifications to individuals impacted
    3. Dedicated telephone assistance and critical contact information via Help Lines
    4. Dedicated web site communications
    5. Press releases to public
    6. Credit file monitoring and expenses of impacted individuals
    7. Legal requirements and campus policies
    8. Managing news media