1.0 Revision History
Information Security Incident Response Team (ISIRT)
NAU – 710
Harper P. Johnson, Director of Information
The Information Security Incident
Response Team (ISIRT) is the specially-formed group of individuals responsible for
investigating Information Security Incidents at the University.
This policy provides the Director
of Information Security, who oversees the ISIRT, with the authority to develop
guidelines and requirements to meet the information security needs of users and
to safeguard the University's data, information, and information systems. Support
from all areas of the University is vital to the ISIRT's success.
The following policy advises those
using University information resources regarding the appropriate mechanism for
reporting of information security related incidents and the steps that will be
taken in response to an incident.
Information Security Incidents –
any event involving University data, information, or
information systems which:
violates local, state or U.S. federal
violates regulatory requirements which the
University is obligated to honor, or
violates an ABOR or University policy,
is determined to be harmful to the
security and privacy of University data, information, or information resources
constitutes harassment under applicable
law or University policy
involves the unexpected disruption of
University Administrators:University Administrators for the
purposes of this policy are those individuals responsible for campus
organizational units (e.g., deans, department chairs, principal investigators,
directors, or managers) or individuals having functional ownership of data,
information, or information systems.
Information – Data
elements, whether in part or combined, that are of value to the University,
such as student or employee records, intellectual property, research data, or
Information Systems – All computer and network systems owned by and/or
administered by the University. This includes all computing platforms of all
sizes from personal digital assistants (PDAs) to mainframe computers, all
peripheral devices and media, and all data contained on those systems.
This Policy applies to all Northern Arizona
University faculty, staff, students, and University Affiliates.
4.2 This Policy applies to data and information
in any tangible form whether it is written, filmed, typed, recorded
electronically or printed, and to all University information resources.
Individuals described in
paragraph 4.1 must immediately report suspected Information Security Incidents
to the ISIRT. Reporting may be done through the individual’s departmental
reporting structure, directly by contacting the ITS Solution Center during
business hours, or by completing the on-line Incident Handling and Analysis
Form, available at www.nau.edu/security.
If an Information Security Incident
has occurred on a University computing resource and the damage suspected could
involve a compromise of confidential or sensitive information, then no action
should be taken on the computer other than to disconnect it from the campus
network by removing the network cable or turning off the wireless device. Once
reported, ISIRT team members will assist in determining the cause of the
incident and assessing damage before the computer is returned to service.
of the University: The President supports and authorizes this policy
for University wide implementation.
Administrators: University Administrators are responsible to ensure
that this Policy is complied with in their organizational units.
of Information Security: The Director of Information Security is
responsible for developing and implementing procedures and guidelines necessary
to implement this Policy and for leading the ISIRT.
Security Incident Response Team:
Information Security Incidentswill be reported to and responded to by the ISIRT. The ISIRT will be
comprised of individuals with the necessary technical knowledge and skills to
identify, assess, respond to and communicate the effects of Information Security Incidents. ISIRT
members will be designated by the Director of Information Security, who is
authorized under this Policy to act in
the best interest of the University to secure university data, information, and information systems that are
threatened and to mitigate the threat.
Persons who are subject to this Policy
may also be subject to the provisions of applicable NAU Personnel Policies, the
student employment handbook, and Arizona Board of Regents policies, including
provisions for discipline for violation of this Policy, as well as applicable legal
State of Arizona – Government
Information Technology Agency – Incident Response and Reporting Standard S855: http://www.azgita.gov/policies_standards/default.htm#Security
Arizona Board of Regents: Information Security Policy: http://www.abor.asu.edu/1_the_regents/policymanual/guidelines-protocols/ABOR-Info-Security-Program-Guidelines.pdf
Arizona Board of Regents:
Information Security Guidelines:http://www.abor.asu.edu/1_the_regents/policymanual/guidelines-protocols/ABOR-Info-SecurityProgram-Guidelines.pdf
NAU Information Security Policy: http://www5.nau.edu/its/policies/#security