IR-9: Information Spillage Response

DIR Required By:  07/20/2023 

Review Date:  07/24/2024 

  • This control is required for information spills involving confidential information.  It is optional for spills involving other data classifications. 
  • Information resource owners are responsible for responding to information spills by: 
    • Identifying the specific information involved in the system contamination, and 
    • Alerting the Tarleton Chief Information Security Officer (CISO) of the information spill according to reporting guidelines described in Control IR-6, Incident Reporting, and using a method of communication not associated with the spill. 
  • The Tarleton CISO and the OITS Security Team/Tarleton Security Operations Center (SOC) Team is responsible for responding to the report of the information spillage by: 
    • Isolating the contaminated system or system component. 
    • Eradicating the information from the contaminated system or component. 
    • Identifying other systems or system components that may have been subsequently contaminated. 

References/Additional Resources

None.  See any applicable internal procedures.