SECURITY INCIDENT PROCEDURES

SUNY PLATTSBURGH

SECURITY INCIDENT PROCEDURES

Approved by Executive Councile on June 7, 2011

Purpose

To establish a policy to reflect SUNY Plattsburgh’s commitment to promptly identify, report and respond to security incidents in accordance with New York State law.

Revision History

N/A

Persons Affected

SUNY Plattsburgh staff members responsible for the management of SUNY Plattsburgh’s electronic media and electronic communications network.

SUNY Plattsburgh staff members and business associates with access to systems containing sensitive information.

Policy

SUNY Plattsburgh has implemented a documented process for promptly identifying security incidents. The process is based on the SUNY Cyber Security Incident reporting procedure and the local reporting process will include the following:

Any unusual or serious cyber security incident will be reported immediately by an employee to their direct supervisor.

If the cyber security incident meets the threshold of reporting, the direct supervisor will consult with SUNY Plattsburgh’s Information Security Officer; the initial alert procedure will be followed.

SUNY Plattsburgh’s Information Security Officer will alert the Provost, President, Emergency Management Director and Public Relations, if appropriate. 

The NYS CSCIC Incident Notification Report: Initial Report and Final Report will be filed in a timely manner.

Definitions

·         Electronic media

·         Security incident

·         Sensitive Information

·         Staff member

Responsibilities

All SUNY Plattsburgh staff members will comply with this policy.

Procedures

N/A

Documents

SUNY Cyber Incident Reporting Procedures

Contact Information

For more information about Administrative Policies, please contact:

Diana LaPorte
Associate Vice President for Administration
Office: Kehoe 710-11
Phone: (518) 564-2539
Fax: (518) 564-2540
Email: laportdm@plattsburgh.edu