Information Security Incident Handling Policy

Policy Statement

The purpose of this policy is to provide the framework in which information security incidents will be handled.

Reason for Policy

This policy governs the actions required for reporting or responding to security incidents involving Adelphi information and/or information technology resources to ensure effective and consistent reporting and handling of such events.

Who Is Governed by this Policy

All end-user and application management accounts on computerized information systems operated by or on behalf of Adelphi University.

Policy

1. Information security incidents will be handled by a team that is directed by the Information Security Officer. In order to stay aligned with global best practices, the team will be referenced as Adelphi University Computer Security Incident Response Team (Adelphi-CSIRT).
2. Incidents must be explicitly declared by the Information Security Officer and will be documented appropriately.
3. All contacts with members of the press must be channeled through the Director of Media Affairs.

Enforcement

Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

Deviation From This Policy

Deviation from this policy is allowed after approval by the Chief Information Officer.

Definitions

This policy does not have definitions associated with it at this time. Upon periodic policy review this area will be evaluated to determine if additional information is needed to supplement the policy.

Forms

此政策目前没有与之相关的表格。在定期政策审查时，将对这一领域进行评估，以确定是否需要额外的信息来补充政策。

Related Information

This policy does not have related information at this time. Upon periodic policy review this area will be evaluated to determine if additional information is needed to supplement the policy.

Document History

• Last Reviewed Date: Fall 2017
• Last Revised Date: Fall 2017
• Policy Origination Date: October 7, 2009

Who Approved This Policy

Office of Information Technology