Procedure Owner | Cori Bergen, CIO |
Procedure Approver(s) | Cori Bergen, CIO |
Storage Location | www.sfcc.edu |
Effective Date | 8/25/2023 |
Next Review Date | 8/25/2024 |
Purpose
The purpose of this procedure is to ensure that the quality and integrity of SFCC's incident response capabilities are maintained. These capabilities are used to monitor for security incidents, to determine the magnitude of the threat presented by these incidents, and to respond to them. Without an incident response capability, the potential exists that a security incident will go unnoticed and that the magnitude of harm associated with the incident will be significantly greater than if the incident were noted and corrected.
Scope
The Incident Response Procedure applies to all information systems and information system components of Santa Fe Community College. Specifically, it includes:
- Servers and other devices that provide centralized computing capabilities.
- SAN, NAS, and other devices that provide centralized storage capabilities.
- Desktops, laptops, and other devices that provide distributed computing capabilities.
- Routers, switches, and other devices that provide network capabilities.
- Firewalls, IDP sensors, and other devices that provide dedicated security capabilities.
Governing Laws & Regulations
Guidance | Section |
NIST SP 800-171 | 3.6.1-3.6.3 |
FERPA | Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) |
GLBA | Safeguards Rule |
Requirements
Basic Security Requirements:
- An operational incident-handling capability will be developed and implemented for all organizational information systems that house or access SFCC controlled information. The incident response capability will include a defined plan and will address the seven stages of incident response:
  - Preparation
  - Detection
  - Analysis
  - Containment
  - Eradication
  - Recovery
  - Post-Incident Activity
- Incidents will be tracked, documented, and reported to appropriate officials and/or authorities both internal and external to the organization.
Derived Security Requirements:
- Incident response capabilities will be tested annually.
- To facilitate incident response operations, responsibility for incident-handling operations will be assigned to an incident response team.
- Incident response plans will be reviewed and, where applicable, revised on a regular basis. Review will be based on the documented results of previously conducted tests or live executions of the incident response plan. Upon completion of plan revision, updated plans will be distributed to key stakeholders.
Incident Response Processes
The Office of Information Technology is responsible for documenting and maintaining incident response processes. The process documentation is accessible to employees and requires the use of VPN.
Link to process: https://bohr.sfcc.edu/includes/secure_file.cfm?ID=2529&menuID=2000251
Revision History
Version | Date of Change | Author | Rationale |
1.00 | | Cori Bergen, CIO | |