The purpose of this document is to provide some general guidelines and procedures for dealing with computer security incidents. The document is meant to provide Montreat College support personnel with some guidelines on what to do if they discover a security incident. The term incident in this document is defined as any irregular or adverse event that occurs on any part of the Montreat College Network. Some examples of possible incident categories include: compromise of system integrity; denial of system resources; illegal access to a system (either a penetration or an intrusion); malicious use of system resources, or any kind of damage to a system.
This policy applies to all Montreat College employees.
- All members of the University community are responsible for reporting known or suspected information or information technology security incidents. All security incidents at Montreat College must be promptly reported to the Director of Technology.
- Incident response will be handled appropriately based on the type and severity of the incident in accordance with the Incident Response Table below.
- All individuals involved in investigating a security incident should maintain confidentiality, unless the Director of Technology authorizes information disclosure in advance.
- Incident response will be managed based on the level of severity of the incident. The level of severity is a measure of its impact on or threat to the operation or integrity of the institution and its information. It determines the priority for handling the incident, who manages the incident, and the timing and extent of the response. Four levels of incident severity will be used to guide incident response: high, medium, low, and NA (Not Applicable).
Incident Response Table
|Incident Severity||Characteristics (one or more condition present determines the severity)||Response Time||Incident Manager||Who to Notify||Post-Incident Report Required*|
|High||Significant adverse impact on a large number of systems and/or people|
Potential large financial risk or legal liability to the College
Threatens confidential data
Adversely impacts a critical enterprise system or service
Significant and immediate threat to human safety
High probability of propagating to a large number of other systems on or off campus and causing significant disruption
|Immediate||Director of Technology||Director of Technology |
|Medium||Adversely impacts a moderate number of systems and/or people |
Adversely impacts a non-critical enterprise system or service
Adversely impacts a departmental scale system or service
Disrupts a building or departmental network
Moderate risk of propagating and causing further disruption
|4 hours||Appointed by Director of Technology||Director of Technology System Administrator Helpdesk Administrator||No, unless requested by the Director of Technology or other appropriate administrator|
|Low||Adversely impacts a very small number of non- critical individual systems, services, or people |
Disrupts a very small number of network devices or segments
Little risk of propagation and further disruption
|Next business day||Helpdesk Administrator||Director of Technology System Administrator Helpdesk Administrator||No|
|N/A||“Not Applicable” – used for suspicious activities which upon investigation are determined not to be an IT security incident.|
Phone: 828-669-8012 Ext. 3663
Initial Draft: 08/10/2016