IR-8: Incident Response Plan

NIST Baseline:  Low 

Privacy Baseline:  Yes 

DIR Required By:  07/20/2023 

Review Date:  07/24/2024 

  • Priorities for handling information security incidents are as follows: 
    • Protection of human life and safety; 
    • Protection of university data; 
    • Prevention of damage to systems and restoration of systems to routine operation as quickly as possible; and 
    • Collection and analysis of information to determine if a violation of Tarleton’s Information Security Policies or the commission of a computer crime has occurred. 
  • Tarleton’s Security Operations Center (SOC) Team / OITS Security Team 
    • Tarleton’s SOC Team consists of a group of experienced security professionals and technicians with the authority and expertise to resolve a system incident.  This team reports to the Tarleton Chief Information Security Officer (CISO) as part of the Tarleton Office of Innovative Technology Solutions (OITS).  
    • When a possible information security incident is reported, the Tarleton SOC Team shall investigate the incident, analyze available data, and resolve the incident. Data collected during the investigation shall be maintained as needed in order to: 
      • Assess changes necessary to avoid future incidents, 
      • Categorize the incident for reporting purposes, and 
      • Identify responsible parties. 
  • Tarleton’s Incident Response Plan 
    • The Tarleton CISO or their designee will develop an information security incident response plan that:  
      • Provides Tarleton with a roadmap for implementing its incident response capability;  
      • Describes the structure and organization of the incident response capability;  
      • Provides a high-level approach for how the incident response capability fits into the overall organization;  
      • Meets the unique requirements of Tarleton and the Texas A&M University System (TAMUS), which relate to mission, size, structure, and functions;  
      • Defines reportable incidents;  
      • Provides metrics for measuring the incident response capability;  
      • Defines the resources and management support needed to effectively maintain and mature an incident response capability; and  
      • Is reviewed and approved by the Tarleton Chief Information Officer (CIO).  
    • The incident response plan will be distributed to the personnel responsible for information system restoration;   
    • The plan will be reviewed periodically and updated to address system changes or problems encountered during plan implementation, execution, or testing;   
    • Changes to the plan must be communicated to applicable incident response personnel; 
    • The plan must be protected from unauthorized disclosure and modification; and 
    • The incident response plan shall be included in the annual testing as described in Control IR-3, Incident Response Testing.  

References/Additional Resources

Section 2054.518, Government Code