Technology Incident Response Policy
The purpose of the technology incident response policy is to provide a standard process in the event of an information security incident in order to protect the institution's data, systems, and reputation.
The scope includes all computing systems and network infrastructure owned or managed by Middlebury.
To report an actual or suspected information security incident, email: firstname.lastname@example.org
- impact financial systems
- prevent the institution from conducting daily business.
- prevent more than 10% of the institution from conducting normal services.
- Or, impact one or more major outside facing services and significantly impact the reputation of the institution or its ability to conduct normal operations.
- involve a major system inside of the institution which significantly impacts operations.
- prevent less than 10% of the insttution from being able to conduct normal services. Or,
- an outside facing service that will have minor impact on the institution's reputation or its ability to conduct normal operations.
- impact a small group of users or isolated services accessed by a small group of users.
- impact a single user.
In the event of a major information security incident, the institution will form a Technology Incident Response Team (TIRT). A major information security incident is an incident that:
- impacts financial systems
- involves fraud
- prevents the institution from conducting daily business.
- prevents more than 10% of the institution from accessing normal services.
- Or, impacts one or more major outward facing services and significantly impacts the reputation of the institution.
The TIRT is responsible for facilitating communication and resolution of the incident. The TIRT is also responsible for formulating and enacting a mitigation plan.
- The TIRT will have standing representatives from Human Resources, Dean of the College, Academic Affairs, Finance, ITS, and Public Safety. Depending on the nature of the incident, not all members may be involved in every incident.
- During a major incident, the TIRT will have the authority to access any pertinent institution-owned system and to remove any system from the network.
- The TIRT may only be activated by the institution’s senior management.
This policy does not preclude the institution from taking prompt action to mitigate a known risk while a longer-term resolution is being developed.