Security Incident Procedures
Approved by Executive Council on June 7, 2011
To establish a policy to reflect SUNY Plattsburgh’s commitment to promptly identify, report and respond to security incidents in accordance with New York State law.
2.0 Revision History
3.0 Units and Persons Affected
- SUNY Plattsburgh staff members responsible for the management of SUNY Plattsburgh’s electronic media and electronic communications network.
- SUNY Plattsburgh staff members and business associates with access to systems containing sensitive information.
- SUNY Plattsburgh has implemented a documented process for promptly identifying security incidents. The process is based on the SUNY Cyber Security Incident reporting procedure and the local reporting process will include the following:
- Any unusual or serious cyber security incident will be reported immediately by an employee to their direct supervisor.
- If the cyber security incident meets the threshold of reporting, the direct supervisor will consult with SUNY Plattsburgh’s Information Security Officer; the initial alert procedure will be followed.
- SUNY Plattsburgh’s Information Security Officer will alert the Provost, President, Emergency Management Director and Public Relations, if appropriate.
- The NYS CSCIC Incident Notification Report: Initial Report and Final Report will be filed in a timely manner.
- Electronic media
- Security incident
- Sensitive Information
- Staff member
All SUNY Plattsburgh staff members will comply with this policy.
SUNY Cyber Incident Reporting Procedures
For more information about Administrative Policies approved by Executive Council, please contact:
Sean Brian Dermody
Assistant to the Vice President for Administration
Management Services Office
Office: Kehoe 710-11
Phone: (518) 564-2539
Fax: (518) 564-2540