Information Security Response Team
For any event involving a possible data security breach or loss of student, faculty or staff confidential or private information, immediately notify the Information Security Response Team (ISRT) for evaluation. This group consists of:
- Associate Director of Network and Infrastructure (3644)
- General Counsel (3283)
- Director of Human Resources (3398)
- Registrar (3248)
- Executive Director of Communications (3112)
- Director of IT Operations (3152)
Information Security Response Team (ISRT)
- The Information Security Response Team will be notified of the reported event and will meet to review and evaluate the reported potential breach or loss of information.
- The ISRT team member initially notified will immediately notify IT via a submission to the ITService@shawnee.edu service desk system so that:
- IT can enforce necessary campus policies and procedures and enact all available technical procedures to limit exposure of loss.
- Secure evidence for analysis by state and local authorities if necessary.
- The Information Security Response Team members will determine if notification to impacted individuals is necessary. Decision criteria include:
- A confirmation that an incident occurred, involving confidential or private data loss.
- An interpretation by General Counsel in terms of applicable laws.
- An analysis of data in scope of event and qualification of whether data is useable if accessed, i.e. unencrypted or non-redacted.
- A reasonable belief that data in question was or can be acquired by unauthorized individuals for misuse
- The Information Security Response Team will also:
- Communicate to other emergency response constituents, i.e. Cabinet, Security, Facilities in accordance with the broader Emergency Response plan.
- Contact Beasley Breach Response to engage support within service level agreement.
- Communicate with leadership for input and follow-up.
Executive Director of Communications
- Develop a notification plan based on action steps recommended by the Information Security Response Team. This potentially includes but is not limited to:
- Communication to campus
- Written notifications to individuals impacted
- Dedicated telephone assistance and critical contact information via Help Lines
- Dedicated web site communications
- Press releases to public
- Credit file monitoring and expenses of impacted individuals
- Legal requirements and campus policies
- Managing news media