IR-6: Incident Reporting
NIST Baseline: Low
Privacy Baseline: Yes
DIR Required By: 07/20/2023
TAMUS Required By: 08/01/2022
Review Date: 07/10/2024
- Anyone may report illegal, disruptive, or suspicious activity impacting Tarleton State University (Tarleton) information resources at any time to the Office of Innovative Technology Solutions (OITS) Helpdesk through e-mail ([email protected]) or telephone (254-968-9885).
- Known or suspected security incidents must be reported immediately to either:
- Tarleton OITS Helpdesk: (254)968-9885 or [email protected], or
- Tarleton OITS Security Team: [email protected].
- The Tarleton Chief Information Security Officer (CISO) has reporting responsibilities to the Texas Department of Information Resources (DIR) for security incidents that are assessed to:
- Propagate to other university or state systems;
- Result in criminal violations that shall be reported to law enforcement; or
- Involve the unauthorized disclosure or modification of confidential information, e.g., sensitive personal information as defined in Texas Business and Commerce Code §521.002(a)(2) and other applicable laws that may require public notification.
- If the security incident is assessed to involve suspected criminal activity (e.g., violations of Texas Penal Code Chapter 33 or Chapter 33A ), the security incident shall be investigated, reported, and documented in a manner that restores operation promptly while meeting the legal requirements for handling of evidence in accordance with 1 Texas Administrative Code §202.23(b) and §202.73(b).
- The Tarleton CISO will ensure reporting to Texas A&M University System (TAMUS) Cybersecurity Operation Center when specific requirements are met for reporting incidents to TAMUS so that any required notifications of an incident can be made to any additional TAMUS Offices.