Incident Response Overview for Cyber and Disasters
This plan strives to clarify responsibilities and actions required to respond, report and review major events at Boise State University.
Roles and Responsibilities
The Incident Response Team will consist of :
- IRP Response Director – has overall management responsibility for the IRP. This can be either the DCIO or the CISO. The first to respond will be the director, unless otherwise agreed upon to switch roles or as appointed by the CIO. The other acts as backup and is ready to rotate if the incident takes multiple days.
- IRP Coordinator – is responsible to oversee assessment, recovery and reconstitution progress, initiate any needed escalations or awareness communications, and establish coordination with other assessment, recovery and reconstitution teams as appropriate.
- IRP Team – Technical staff responsible for deploying recovery and reconstitution efforts as outlined by the IRP Coordinator.
- IRP Communications Lead – Receives direction from RD to provide and direct communications content to Campus Operations Emergency Management and the Office of Communications and Marketing.
- Mission Critical System Owner – is responsible for assisting in mission critical system recovery and reconstitution efforts as requested by the IRP Coordinator.
- Customer Care Staff – is responsible for managing the response and triangle of customer inquiries and client side incidents.
- Legal Contact – General Council or designate with the responsibilities to provides advice as appropriate
At a minimum will consist of a Response Officer, Response Coordinator and at least one Technical Staff. Customer Care, OIT Communications and General Council staff members will be optional as determined by the Director. Team positions may be supplemented by other OIT staff as warranted by the Director.
Below are five elements for successful incident handling and the individuals responsible for taking the action. Multiple individuals or teams will be involved in performing the following:
- Assess the incident
- Respond to the incident
- Notify and Report
- Learn and Improve
Incident Response Team
|Response Director||Deputy CIO
Chief Information Security Officer
|Response Coordinator||Executive Director, Cloud Services and Infrastructure
Senior Security Engineer (Deputy CISO)
|Team||OIT Staff as required|
|Optional Team Members:||Manager of Help Desk or designee
Director of OIT Communications or designee
General Counsel or designee
Created: January 2016
Last Update: February 2022
Next Review: February 2023