IR-9: Information Spillage Response
DIR Required By: 07/20/2023
Review Date: 07/24/2024
- This control is required for information spills involving confidential information. It is optional for spills involving other data classifications.
- Information resource owners are responsible for responding to information spills by:
- Identifying the specific information involved in the system contamination, and
- Alerting the Tarleton Chief Information Security Officer (CISO) of the information spill according to reporting guidelines described in Control IR-6, Incident Reporting, and using a method of communication not associated with the spill.
- The Tarleton CISO and the OITS Security Team/Tarleton Security Operations Center (SOC) Team is responsible for responding to the report of the information spillage by:
- Isolating the contaminated system or system component.
- Eradicating the information from the contaminated system or component.
- Identifying other systems or system components that may have been subsequently contaminated.
References/Additional Resources
None. See any applicable internal procedures.