IT Cyber Incident Response Standards

Live Chat Support Software

Cyber Incident Reporting

Any member of the University community who suspects the occurrence of an IT security incident must report incidents in one of the following manners:

  • Suspected high severity events, such as those involving possible breaches of personal identity data, should be immediately be reported directly to the Information Security Officer by phone, e-mail, or in person.
  • All other suspected incidents may be reported to the Information Security Officer or by first reporting to IT support personnel who can then contact the Information Security Officer.
  • In the event that the Information Security Officer is unavailable, the Assistant Vice President for Information Technology may be used as the initial point of contact.

Cyber Incident Classification

Upon notification, discovery, or suspicion of an incident, the Information Security Officer will launch an investigation. The Information Security Officer will determine whether the incident is a false positive or a real incident. In the event that the incident is real and actionable, the Information Security Officer will determine severity level. In the event that the Information Security Officer cannot make a determination of an incident severity level, he will contact the Assistant Vice President for Information Technology for guidance.

Each Incident Severity Level has its own set of procedures, including escalation and response times, action items, and personnel involvement. At any time during an incident investigation, the severity can be raised or lowered, based upon newly discovered information.

Cyber Incident Tracking & Reporting

The Information Security Officer (or designated member of the CSIRT) will open a helpdesk ticket containing information about the security violation. Upon conclusion of the incident the Information Security Officer (or designated member of the CSIRT) will finalize and close out any open help desk tickets related to the incident. Related incident tracking logs will also be finalized and stored appropriately.

If the severity of the incident requires, or is otherwise requested by an appropriate administrator such as the Assistant Vice President for IT, the Information Security Officer (or designated member of the CSIRT) will compile a post-incident report utilizing the information logged during the incident as a basis of the report. The report will also include a summary of lessons learned and any recommended changes to be made to the environment to prevent future recurrence of the incident.

Contact

IT Help Desk

(573) 651-4357
helpdesk@semo.edu
Memorial Hall 107

IT Office

(573) 651-2217
One University Plaza
Cape Girardeau, Missouri 63701