INFORMATION TECHNOLOGY POLICY



Similar documents
COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING

INFORMATION TECHNOLOGY POLICY

COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING

INFORMATION TECHNOLOGY POLICY

Information Technology Policy

Security Incident Response Process. Category: Information Security and Privacy. The Commonwealth of Pennsylvania

Data Security Incident Response Plan. [Insert Organization Name]

ITL BULLETIN FOR SEPTEMBER 2012 REVISED GUIDE HELPS ORGANIZATIONS HANDLE SECURITY-RELATED INCIDENTS

COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING

INFORMATION SECURITY INCIDENT REPORTING POLICY

IT Security Incident Management Policies and Practices

DUUS Information Technology (IT) Incident Management Standard

AUGUST 28, 2013 INFORMATION TECHNOLOGY INCIDENT RESPONSE PLAN Siskiyou Boulevard Ashland OR 97520

State Agency Cyber Security Survey v October State Agency Cybersecurity Survey v 3.4

OVERVIEW. In all, this report makes recommendations in 14 areas, such as. Page iii

ISO IEC ( ) TRANSLATED INTO PLAIN ENGLISH

C. Author(s): David Millar (ISC Information Security) and Lauren Steinfeld (Chief Privacy Officer)

Standard: Information Security Incident Management

Information Security Policy. Chapter 10. Information Security Incident Management Policy

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

Security Incident Procedures Response and Reporting Policy

Cyber Incident Response

Office of Inspector General

Information Technology Security Review April 16, 2012

Information Security Incident Management Guidelines

Virginia Commonwealth University School of Medicine Information Security Standard

FISH AND WILDLIFE SERVICE INFORMATION RESOURCES MANAGEMENT. Chapter 7 Information Technology (IT) Security Program 270 FW 7 TABLE OF CONTENTS

Virginia Commonwealth University School of Medicine Information Security Standard

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics

Fiscal Year 2014 Federal Information Security Management Act Report: Status of EPA s Computer Security Program

INFORMATION TECHNOLOGY STANDARD

Cyber Security Incident Handling Policy. Information Technology Services Center (ITSC) of The Hong Kong University of Science and Technology

Document Title: System Administrator Policy

Rulebook on Information Security Incident Management General Provisions Article 1

BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO

Information Security Program CHARTER

IMS-ISA Incident Response Guideline

micros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) August, 2013 Revision 8.0 MICROS Systems, Inc. Version 8.

DOCUMENT NUMBER: IT-0514

MEAD JOHNSON NUTRITION COMPANY CODE OF ETHICS FOR SENIOR FINANCIAL OFFICERS

ANTI-FRAUD POLICY Adopted August 13, 2015

COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING

Information Security Incident Management Policy

16) INFORMATION SECURITY INCIDENT MANAGEMENT

State University of New York at Potsdam. Workplace Violence Prevention Policy and Procedures

Report of Evaluation OFFICE OF INSPECTOR GENERAL. OIG 2014 Evaluation of the Farm Credit OIG 2014 Administration s. Management Act.

Norwich University Information Assurance Security Policy. Final Version 10.0 for Implementation

Wright State University Information Security

CITY UNIVERSITY OF HONG KONG Information Security Incident Management Standard

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY

COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE, AND AGING

INFORMATION TECHNOLOGY SYSTEMS ASSET MANAGEMENT GUIDELINE

MIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)

How To Check If Nasa Can Protect Itself From Hackers

NIST CYBERSECURITY FRAMEWORK COMPLIANCE WITH OBSERVEIT

Incident Response Guidance for Unclassified Information Systems

How To Audit The Mint'S Information Technology

Information Security Incident Management Guidelines. e-governance

ADMINISTRATIVE POLICY # (2014) Information Security Roles and Responsibilities

Risk Management Guide for Information Technology Systems. NIST SP Overview

APHIS INTERNET USE AND SECURITY POLICY

CODE OF ETHICS FOR SENIOR FINANCIAL OFFICERS

TABLE OF CONTENTS Information Systems Security Handbook Information Systems Security program elements. 7

Data Security Breach Incident Management Policy

Standard Operating Procedure Information Security Compliance Requirements under the cabig Program

DHHIT Network Security Standards and Procedures

University of Sunderland Business Assurance Information Security Policy

Data Management Policies. Sage ERP Online

CHAPTER 1 COMPUTER SECURITY INCIDENT RESPONSE TEAM (CSIRT)

SECURITY INCIDENT REPORTING AND MANAGEMENT. Standard Operating Procedures

Information Resources Security Guidelines

Information Security Policy

Benefits of Big Data Analytics in Security Helping Proactivity and Value Creation. June 2015

UNITED STATES COMMISSION ON CIVIL RIGHTS. Fiscal Year 2012 Federal Information Security Management Act Evaluation

DOT.Comm Oversight Committee Policy

VA Data Breach Follow-Up. Adair Martinez, Deputy Assistant Secretary for Information Protection and Risk Management Department of Veterans Affairs

DRAFT National Rural Water Association Identity Theft Program Model September 22, 2008

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security. Topics

Encrypted Users Guide. Revised 6/8/2015

The Value of Vulnerability Management*

STATE OF NORTH CAROLINA

California State University, Chico. Information Security Incident Management Plan

March 17, 2015 OIG-15-43

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

MICHIGAN AUDIT REPORT OFFICE OF THE AUDITOR GENERAL. Doug A. Ringler, C.P.A., C.I.A. AUDITOR GENERAL ENTERPRISE DATA WAREHOUSE

Mike Casey Director of IT

ASU Web Application Security Standard

Summary of CIP Version 5 Standards

REDEFINING THE BOUNDARIES OF RISK MANAGEMENT, NOW AND INTO THE FUTURE

Security Incident Management Policy

Information Security for IT Administrators

AUDIT REPORT WEB PORTAL SECURITY REVIEW FEBRUARY R. D. MacLEAN CITY AUDITOR

Policy on Privileged Access

EPA Can Better Assure Continued Operations at National Computer Center Through Complete and Up-to-Date Documentation for Contingency Planning

Information Technology Operational Audit DEPARTMENT OF STATE. Florida Voter Registration System (FVRS) Report No July 2015

UMHLABUYALINGANA MUNICIPALITY ANTIVIRUS MANAGEMENT POLICY

Information Security Program

FFIEC Cybersecurity Assessment Tool

Network Security Policy

Transcription:

COMMONWEALTH OF PENNSYLVANIA DEPARTMENT OF PUBLIC WELFARE INFORMATION TECHNOLOGY POLICY Name Of Policy: Incident Reporting & Response Policy Domain: Security Date Issued: 05/26/2011 Date Revised: 10/11/2013 Number: POL-SEC004 Category: Issued By Direction Of: Sandra Patterson, CIO Bureau of Information Systems

Table of Contents 1 Introduction... 3 1.1 Purpose... 3 1.2 Scope... 3 1.3 Compliance... 3 1.4 Exemptions... 3 1.5 Policy Review and Update... 3 2 Incident Response Plan... 3 3 Incident Reporting... 4 4 Incident Handling... 4 5 Incident Monitoring... 5 6 Incident Response Assistance... 5 7 Appendix... 6 7.1 Supporting DPW Policies... 6 Document History Version Date Author Status Notes 1.0 05/26/2011 David Johnson Draft Initial Creation 1.0 05/31/2011 Tom Zarb Baseline Approved 1.1 10/11/2013 Pamela Skelton Updation Revised Content and formatted Department of Public Welfare 2

1 Introduction 1.1 Purpose This policy establishes requirements for the Department of Public Welfare s (DPW) capability to rapidly detect, contain, eradicate and recover from a broad range of information security incidents. DPW s incident response capability is a critical part of DPW s commitment to protecting citizen data and preventing disruption of government services. ITB-SEC024, IT Security Incident Reporting Policy, defines an incident as: a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard computer security practices. An incident may result from any of the following: a failure of security controls; an attempted or actual compromise of information; and/or waste, fraud, abuse, loss, or damage of government information and/or property. An incident response capability is necessary for rapidly detecting incidents, minimizing loss, mitigating weaknesses, and restoring any disrupted services. This policy identifies the required security controls for incident response preparation; as well as incident monitoring, handling and reporting. 1.2 Scope All DPW employees, contractors, vendors and business partners are responsible for understanding and complying with this policy. 1.3 Compliance Violations of this policy may lead to revocation of system privileges and/or disciplinary action. 1.4 Exemptions Requests for exemption to the policy should be submitted to the Chief Information Security Officer (CISO). Any exceptions granted will be issued a policy waiver for a defined period of time. 1.5 Policy Review and Update This document, and its supporting standards and procedures, will be reviewed annually, and updated as needed. 2 Incident Response Plan Preparation and planning, including ensuring that necessary plans, processes, and resources are in place; are critical to the effectiveness of DPW s incident response capability. a. DPW shall develop an Incident Response Plan, with supporting procedures, that: provides a roadmap for implementing DPW s incident response capability; describes the structure of the incident response capability; provides a high-level approach for how the incident response capability fits into the overall organization; defines reportable incidents; provides metrics for measuring the incident response capability within the organization; defines the resources and management support needed to effectively maintain and continually improve an incident response capability; and Describes the roles and responsibilities of DPW s information security incident responders. b. The incident response plan and supporting procedures shall be reviewed and approved by the CISO at least annually. Department of Public Welfare 3

a. The Incident Response Plan and supporting procedures shall be revised as needed, to address system/organizational changes or problems encountered during implementation, execution, or testing. Changes to the Incident Response Plan and supporting procedures shall be communicated to incident response personnel and other organizational elements as needed. 3 Incident Reporting Timely reporting of incident information to proper authorities; as appropriate, both internal and external to DPW, is vital. a. The DPW staff, contactors, vendors and business partners will comply with DPW incident reporting requirements (IT Security Incident Reporting, POL-ENSS02), including: DPW staffs, contractors, Program Offices and Business Partners are to promptly complete an IT Incident Reporting Form and email it to ra-itsecurity@state.pa.us or fax it to 717-772-7163 within 1 hours of identification of the lost/stolen IT asset. In addition, DPW s CISO should be notified of all major thefts/losses, immediately via phone or email. This includes but is not limited to desktops, laptops, Blackberries, CD/DVD-ROM disks, USB memory sticks, etc. This policy also covers the loss of any data, such as confidential data being sent to the wrong person. Business partners and vendors shall immediately notify the respective program offices or the CISO on identification of an actual or suspected misuse of IT resources or security incident. DPW staff and contractors shall immediately notify their respective section chiefs or system owners upon identifying an actual or suspected misuse of IT resources or security incident. Section chiefs or system owners shall report computer security incidents to the CISO immediately upon identification of the incident occurrence. DPW shall report incidents using OPD-SEC024B, IT Security Incident Reporting Form. The completed form is to be submitted via e-mail to Pennsylvania-Computer Security Incident Response Team (PA-CSIRT) or online to the PA-CSIRT Web Portal. b. DPW shall report incidents to the PA-CSIRT within 30 minutes of detection, via phone call or email. 4 Incident Handling In order to protect information assets, DPW s security incident handling capability must provide the necessary steps for security incident detection and resolution. a. DPW shall implement an incident handling capability for security incidents that includes preparation, detection and analysis, containment, eradication, and recovery. b. The CISO shall provide oversight for the incident response policies, procedures, investigations, and reporting of organizational incidents. c. The CISO shall ensure that incident handling activities are coordinated with, and included in, contingency planning activities. d. DPW shall employ automated mechanisms (e.g., an online incident management system or automated data collection, forensics, and analysis tools) to support the incident handling process. e. Lessons learned from prior and ongoing incident handling activities shall be incorporated into the incident handling procedures. Department of Public Welfare 4

5 Incident Monitoring As part of DPW s incident response process, identified incidents are documented and tracked. Documentation of incidents is critical to provide a historical record of the actions taken to resolve an incident, as well as provide information essential to a potential or actual investigation. a. The DPW Incident Response Team shall maintain an Incident Log, to track and document information security incidents on an ongoing basis. The minimum information that shall be recorded is: date and time the incident was reported, discovered or occurred; who reported or discovered the incident; how the incident was identified; description of the incident; incident-related tasks and who performed each, and the amount of time spent on each task; person coordinating the incident response; individuals contacted regarding the incident; and Information system(s), application(s), program office(s), vendor(s), business partner(s) or network(s) impacted. b. DPW shall ensure that relevant data from available information sources (e.g., application logs, host system logs, network logs) is included in incident documentation. 6 Incident Response Assistance To increase the availability of incident response-related information and support, automated mechanisms are employed across the organization. a. As part of increasing understanding of current response capabilities and support, DPW shall provide a push and/or pull capability for users seeking to obtain incident response assistance through either a website to query assistance capability, or conversely have the ability to proactively send information to users. b. The incident response assistance initiative and its supporting procedures shall be reviewed and approved by the CISO at least annually. Department of Public Welfare 5

7 Appendix 7.1 Supporting DPW Policies Document Type DPW IT Security Incident Reporting Policy (POL-ENSS02) ITB SEC021 - Security Information and Event Management Policy ITB-SEC024 - IT Security Incident Reporting Policy OPD-SEC024A: IT Security Incident Reporting Procedures OPD-SEC024B: IT Security Incident Reporting Form STD-SEC024C: Computer Incident Response Technology Standard Department of Public Welfare 6

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information