3.8 Incident Management and Response

A breach in the security of restricted data can lead to identity theft, legal action against the university, or other great harm to the university or members of the PLU community. While data security policies are designed to minimize the risk of such breaches, incident management and response policies must also be in place to guide institutional response if/when breaches do occur.

For the purposes of this policy, an incident is an event that threatens the integrity of PLU data or the availability of the systems or networks that enable access to the information. A security breach is the unauthorized acquisition of university data that undermines the integrity or confidentiality of personal information. Incidents are further divided into critical incidents (including security breaches) and non-critical incidents (such as temporary unavailability of a non-critical segment of the network).

All critical incidents must be reported to the Office of the Chief Administrative Officer and to the Director for I&TS Enterprise Systems.

Incidents include but are not limited to:

  • Suspected unauthorized access to, or disclosure of, university data.
  • Denial of service to university systems or denial of access to university data.
  • Suspected inappropriate use of university data.

Upon receipt of an incident report, the receiving officer will determine if the incident is critical or non-critical. In the case of a non-critical incident, the officer will inform the appropriate parties of the report and set in motion the resolution or investigation of the incident in a timely (but not necessarily urgent) fashion. In the case of a critical incident, the officer will immediately inform the other officers and activate the appropriate incident response procedures maintained by I&TS and partner departments across campus.