![]() ![]() This document provides an overview of the process. The sections below describe: 1) Who to notify upon discovery of an incident 2) procedures for handling and recovering from an incident in a manner appropriate to the type of security incident and 3) how to establish a reporting format and evidence retention procedure. The purpose of the IT Security Information Breach Notification Plan (IT Breach Plan or the Plan) is to supplement the Policy with general guidance to the University community to enable quick and efficient recovery from security incidents respond systematically to incidents and carry out the steps necessary to handle an incident and minimize disruption to critical computing services or loss or theft of sensitive or mission critical information. delivery of awareness and training on security incident reporting and handling periodically to maintain, enhance, or reinforce understanding of these measures.periodic testing of the information security handling process to measure efficacy and.review of security incidents for any patterns and areas of risk to help improve incident handling policies and procedures.expeditious handling of security incidents to facilitate the restoring of normal operations.compliance with any state, federal or international laws governing security incident and data breach events.timely notice and communication as required to external bodies and affected individuals.availability of records for internal and external reviews.an assessment on the impact of security incidents to help identify and take measures that will prevent recurrence or mitigate harm.documentation of security incidents for recordkeeping.engagement of the relevant and appropriate levels of University management to foster a coordinated determination of the response actions. ![]() cooperation with those charged with investigating security incidents to help identify required actions.handling of such incidents by authorized personnel to allow for proper and complete investigation.In addition, the Policy requires maintenance of a process to help identify and act on security incidents quickly and effectively, including: This Policy requires all individuals with access to NYU IT Resources and Information to immediately report any suspected or actual security incidents to the Global Office of Information Security. The IT Security Information Breach Notification Policy defines the minimum requirements and responsibilities for reporting security incidents to minimize the negative impact on the confidentiality, integrity, and availability of University Information Resources and University Information and systems. The entire NYU community (faculty, staff, students, contractors/consultants, alumni, vendors, and guests) who access these assets must adhere to this Policy. This Policy applies to all University Information and IT resources owned or operated by or on the University's behalf. Prompt detection and appropriate handling of these security incidents are necessary to protect information assets critical to the University’s mission, preserve personal data privacy and confidentiality, and facilitate compliance with applicable laws and regulations. ![]() IT resources include individual computers, servers, storage devices, and media, and mobile devices, as well as the information stored on them (see also, Data and Systems Security Policy). ![]() An information technology (IT) security incident is an actual or suspected event that may adversely impact the confidentiality, integrity, or availability of an IT resource used by New York University (NYU) or any information processed, stored, or transmitted by those resources. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |