Question

hello please help me in following question,

" Develop an incident response plan for a university ."

please help me with this question as soon as possible.

Answer 1

Develop an incident response plan for a university ."

What is an Incident Response Plan (IRP)?

Enterprises can have incident response plans for a wide variety of crises. For example, it may be necessary to implement a response plan if a serious weather event threatens a network operations center. This would be considered part of continuity planning – a plan to restore and maintain delivery of crucial services in the event of the unforeseen circumstance.

steps

Step One: Select an Enterprise Sponsor and Develop Risk Assessments

Step Two: Develop “Quick Response” Procedures for Key Threats

Once the most likely threats have been identified, the IT team should be prepared to work cross-functionally to identify best practices in the event those threats materialize.

Step Three: Maintain Effective Relationships and Service Level Agreements (SLAs)

In many circumstances, it will be necessary to activate resources throughout the community after an immediate network threat has passed.

Step Four: Document and Clarify All Emergency Response Standards

Even the best plan will be ineffective if nobody knows the details. During a serious incident, every minute counts

Step Five: Align Training with Emergency Response Standards

Step Six: Run Simulations to Accelerate Real-World Crisis Response

Purpose

The Information Security Incident Response procedure provides specific details of how information security events are handled within the University of Wisconsin-River Falls. This procedure has been developed to comply with University of Wisconsin System Administration Policy 1033, Information Security Incident Response

Responsible

Each Chancellor or designee shall annually review and approve their institution’s information incident response procedure. The UW System President or designee shall annually review and approve UW System Administration’s information security incident response procedure.

At UW-River Falls, the Chief Information Security Officer reports to the UW-River Falls Chief Information Officer who reports to the Provost who is a member of the cabinet led by Chancellor.

Scope

This procedure applies to all University of Wisconsin-River Falls faculty, staff and associated individuals.

Background

This procedure is internal to the University of Wisconsin-River Falls and is intended to be in alignment with applicable UW System and Board of Regents policy. UW-River Falls is committed to a secure information technology environment in support of its mission. The Division of Technology Services is entrusted by the administration to ensure this procedure is designed to generate a swift and deliberate response to any security event that may occur.

Procedures

This policy requires that any individual who suspects that an information security incident has likely occurred shall report it using the appropriate institutional procedures. Personnel involved in information security incidents shall cooperate with investigation teams and provide access to UW System assets. Where personally owned information technology assets are involved, cooperation and access is necessary to ensure no institutionally owned data is compromised.
This policy requires the creation of an information security incident response procedure at each UW System institution

Procedures - Preparation

i. Procedures detailing the implementation of tools, process and staff to monitor assets for indicators of compromise and signatures for misconfigured or vulnerable systems
ii. Procedures for submitting information of a potential incident to appropriate incident response personnel
iii. Identification of specific position(s) and/or team(s), and their roles and responsibilities for those involved in incident response. This may include management, departmental representatives, information technology response staff, institutional risk management, university communications, and legal advice
iv. Identification of documentation to be collected during the response to the incident
v. Integration with other institutional business continuity and disaster recovery programs
vi. A requirement for annual testing of the incident response procedure

Procedures for submitting information of a potential incident to appropriate incident response personnel

1. Chief Information Security Officer (CISO)
2. If unavailable: Chief Information Officer (CIO)
3. If unavailable: Refer to DoTS COOP (Continuity Of Operations Plan) - 2.05 Orders of Succession