Administrative Overview

Academic Policies

Administrative Policies

Employee Policies

SUNY PLATTSBURGH

SECURITY INCIDENT PROCEDURES

Approved by Executive Councile on June 7, 2011

Purpose
To establish a policy to reflect SUNY Plattsburgh’s commitment to promptly identify, report and respond to security incidents in accordance with New York State law.

Revision History
N/A

Persons Affected
SUNY Plattsburgh staff members responsible for the management of SUNY Plattsburgh’s electronic media and electronic communications network.
SUNY Plattsburgh staff members and business associates with access to systems containing sensitive information.

Policy
SUNY Plattsburgh has implemented a documented process for promptly identifying security incidents. The process is based on the SUNY Cyber Security Incident reporting procedure and the local reporting process will include the following:
Any unusual or serious cyber security incident will be reported immediately by an employee to their direct supervisor.
If the cyber security incident meets the threshold of reporting, the direct supervisor will consult with SUNY Plattsburgh’s Information Security Officer; the initial alert procedure will be followed.

SUNY Plattsburgh’s Information Security Officer will alert the Provost, President, Emergency Management Director and Public Relations, if appropriate.
The NYS CSCIC Incident Notification Report: Initial Report and Final Report will be filed in a timely manner.

Definitions
Electronic media
Security incident
Sensitive Information
Staff member

Responsibilities
All SUNY Plattsburgh staff members will comply with this policy.

Procedures
N/A

Documents
SUNY Cyber Incident Reporting Procedures

Contact Information

For more information about Administrative Policies approved by Executive Council, please contact:

Cindy E. Fuller
Management Services Coordinator
Management Services Office
Office: Kehoe 710-11
Phone: (518) 564-2538
Fax: (518) 564-2540
Email: fullerc@plattsburgh.edu