SECURITY INCIDENT PROCEDURES
Approved by Executive Councile on June 7, 2011
To establish a policy to reflect SUNY Plattsburgh’s commitment to promptly identify, report and respond to security incidents in accordance with New York State law.
SUNY Plattsburgh staff members responsible for the management of SUNY Plattsburgh’s electronic media and electronic communications network.
SUNY Plattsburgh staff members and business associates with access to systems containing sensitive information.
SUNY Plattsburgh has implemented a documented process for promptly identifying security incidents. The process is based on the SUNY Cyber Security Incident reporting procedure and the local reporting process will include the following:
Any unusual or serious cyber security incident will be reported immediately by an employee to their direct supervisor.
If the cyber security incident meets the threshold of reporting, the direct supervisor will consult with SUNY Plattsburgh’s Information Security Officer; the initial alert procedure will be followed.
SUNY Plattsburgh’s Information Security Officer will alert the Provost, President, Emergency Management Director and Public Relations, if appropriate.
The NYS CSCIC Incident Notification Report: Initial Report and Final Report will be filed in a timely manner.
· Electronic media
· Security incident
· Sensitive Information
· Staff member
All SUNY Plattsburgh staff members will comply with this policy.
SUNY Cyber Incident Reporting Procedures
For more information about Administrative Policies, please contact:
Associate Vice President for Administration
Office: Kehoe 710-11
Phone: (518) 564-2539
Fax: (518) 564-2540