ICT Security Incident Policy ITD 5.3-02




Published by the Information Technology Division
Department of Education and Early Childhood Development
Melbourne
September 2011

© State of Victoria (Department of Education and Early Childhood Development) 2011

The copyright in this document is owned by the State of Victoria (Department of Education and Early Childhood Development), or in the case of some materials, by third parties (third party materials). No part may be reproduced by any process except in accordance with the provisions of the Copyright Act 1968, the National Education Access Licence for Schools (NEALS) (see below) or with permission.

NEALS: An educational institution situated in Australia which is not conducted for profit, or a body responsible for administering such an institution, may copy and communicate the materials, other than third party materials, for the educational purposes of the institution.

This document is available at: http://www.education.vic.gov.au/about/deptpolicies/default.htm

Contents

ICT Security Incident Policy
1. Purpose
2. Scope
3. Definitions
4. Policy Statement
5. Reporting
6. Legislative/Business Context
7. Privacy and Human Rights
8. Related Documents
9. Accountabilities
10. Contact
11. Review
12. Approving Authority

ICT Security Incident Policy

1. Purpose

1.1 This document outlines the Department's policy for identifying and reporting ICT security incidents which have the potential to cause significant harm to the Department's ICT resources. It describes:
- the definition of an ICT security incident (Section 2.2)
- the immediate escalation steps and contact points for these incidents.

1.2 A flowchart can be found in Appendix 1 of this policy.

2. Scope

2.1 This policy applies to anyone who becomes aware of an ICT security incident for the Department's internally and externally hosted ICT Resources. This includes:
- central and regional corporate staff (including contractors)
- school staff (principals, teachers and administration staff)
- Specialist Technicians in schools, ICT coordinators and local technicians
- staff of third party providers supporting or hosting an ICT resource of the Department.

2.2 This policy specifically relates to the following types of ICT security incident:

2.2.1 Malicious software installed on Departmental computers, devices or ICT systems that can't be detected, removed or quarantined by anti-virus or anti-spyware products.
2.2.2 An attempt to disrupt the availability of a Departmental ICT resource(s).
2.2.3 Criminal activity launched from internal or external networks that is directed at the Department's ICT resources or users.
2.2.4 An attack from the internet on the Department's electronic communication networks.
2.2.5 Defacement of Departmental websites, including schools.
2.2.6 A serious breach of the Department's ICT Security Policy.
2.2.7 Theft, loss or unauthorised transfer of business-sensitive or personally identifiable information from Departmental ICT resources.

2.3 Types of incidents not within the scope of this policy include:

2.3.1 Access issues affecting Departmental users, such as locked accounts.
2.3.2 Cyber bullying or harassment.
2.3.3 Operational incidents such as software or hardware failure.
2.3.4 Activity on external websites (i.e. not owned by the Department) such as YouTube, Facebook and Twitter.
2.3.5 Users receiving spam email.

2.4 This policy does not describe actions required to resolve ICT security incidents.

3. Definitions

Table 3.1: Definitions

Term                    Definition
EMT                     ITD Executive Management Team
FOI                     Freedom Of Information
ICT                     Information and communication technology
ICT Resource            ICT application, infrastructure, device or service
ICT Security Incident   One of a number of events affecting the Department's internally and externally hosted ICT resources as defined in Section 2.2
ISMD                    Information Strategy & Management Division
ITD                     Information Technology Division
ST                      Specialist technician engaged through the Technical Support to Schools Program.

4. Policy Statement

4.1 This policy governs the escalation process for ICT security incidents.

5. Reporting

All individuals covered by this policy should:

5.1 Report all ICT security incidents that occur in:
- central offices
- regional offices
- schools
- non-government sites hosting Department applications.

5.2 Report non-urgent ICT security incidents to the ITD Service Desk via the online Service Gateway to ensure centralised logging, tracking and management of the incident. The ITD Service Desk will then assign a priority and escalate to Risk Management if within scope of this policy. If the incident relates to a serious breach of the ICT Security Policy, your incident report should not identify the individuals involved. Risk Management will contact you to obtain details.

5.3 Contact the ITD Service Desk by telephone in the following circumstances:
- the incident requires urgent attention
- computer access is not available to the online Service Gateway.

ITD Risk Management will:

5.4 Review the priority rating of each reported ICT security incident and inform the ITD Service Desk if the priority should be changed.

5.5 Notify the appropriate senior management including:
- The General Manager, ITD and the Assistant General Manager, IT Services, ITD for ICT security incidents rated as Priority 1 or 2.
- Government Services Division, Department of Treasury and Finance if the incident is likely to impact other government departments or agencies.
- Privacy Advisor, FOI and Privacy Unit, if the incident relates to theft, loss or unauthorised transfer of business-sensitive or personally identifiable information.
- The General Manager, Conduct and Ethics, if the incident relates to a serious breach of policy by a Department staff member.

5.6 Perform the following actions to manage incident resolution and closure:
- Monitor resolution of the ICT security incident.
- For priority 1 and 2 incidents, convene a post incident review meeting to identify the root cause and the ICT vulnerabilities which enabled the incident to occur, and to make recommendations that will reduce the likelihood of the incident re-occurring.
- For priority 1 and 2 incidents, submit an incident management report to EMT and ISMD.
- Notify the ITD Service Desk that the incident can be closed.

6. Legislative/Business Context

6.1 This policy is to be read in conjunction with the WoVG Security Standard 06 Information security - Incident management at the URL below.
https://www.dtf.vic.gov.au/ca257310001d7fc4/pages/policies-and-standardsinformation-security

7. Privacy and Human Rights

7.1 This policy complies with the Victorian Charter of Human Rights and Responsibilities and is consistent with the Information Privacy Act 2000.

8. Related Documents

8.1 This policy is to be read in conjunction with the Department's ICT Security Policy and Acceptable Use Policy for ICT Resources located at the URL below.
http://www.education.vic.gov.au/about/deptpolicies/

9. Accountabilities

9.1 General Manager, ITD.
- Informs the Deputy Secretary, Office for Resources and Infrastructure of a Priority 1 ICT security incident.
- Decides whether to shut down a critical ICT service.

9.2 Manager, Risk Management, ITD.
- Validate the reported incident is an ICT security incident in consultation with the appropriate technical experts.
- Validate the priority assigned to the security incident.
- Communicate to key stakeholders.
- Monitor and review (and develop strategies to avoid similar incidents).

10. Contact

10.1 Queries regarding this policy are to be directed to Manager, Risk Management (ITD) via the ITD Service Desk.

11. Review

11.1 This policy will be reviewed every 12 months or earlier if necessary.

12. Approving Authority

12.1 Changes to this policy may not be invoked without prior approval by the General Manager, ITD.

Appendix 1

Process for anyone to escalate an ICT security incident

[Flowchart; box text listed in reading order.]

Incident type (decision boxes):
- Malicious software?
- Attempt to disrupt ICT availability?
- Criminal attack on network?
- Internet attack on network?
- DEECD website defacement?
- Serious breach ICT security policy?
- Loss of sensitive / personal data?
- Otherwise: Incident not covered by this policy

Escalation steps:
1. Report ICT security incident to ITD Service Desk via online Service Gateway; by telephone if urgent
2. ITD Service Desk assigns incident to Risk Management
3. Risk Management (RM) validates incident and priority
4. Valid incident? If not: Incident not covered by this policy. RM notifies ITD Service Desk to reassign incident
5. Both valid? If not: RM requests ITD Service Desk to change priority
6. RM notifies GM,ITD and AGM,ITSB if priority 1 or 2
7. RM notifies GSD/DTF if incident is risk to WoVG
8. RM notifies DEECD Privacy Advisor if incident relates to loss of sensitive/personal data
9. RM notifies GM, Conduct & Ethics if incident relates to serious breach of policy
10. ITD follows resolution/recovery procedure applicable for this ICT security incident
11. RM monitors resolution to completion
12. ITD post Incident review - Identify root cause and the vulnerabilities exploited, and make recommendations (Priority 1 & 2 incidents)
13. RM submits an incident report to EMT and ISMD (Priority 1 & 2 incidents)
14. Close the incident