Security Incident Procedures Policy
Approved by Executive Council on June 7, 2011
|Policy Number||Policy Owner|
|10009.1.P||Library and Information Technology Services|
To establish a policy to reflect SUNY Plattsburgh’s commitment to promptly identify, report and respond to security incidents in accordance with New York State law.
2.0 Revision History
3.0 Units and Persons Affected
- SUNY Plattsburgh staff members responsible for the management of SUNY Plattsburgh’s electronic media and electronic communications network.
- SUNY Plattsburgh staff members and business associates with access to systems containing sensitive information.
- SUNY Plattsburgh has implemented a documented process for promptly identifying security
incidents. The process is based on the SUNY Cyber Security Incident reporting procedure
and the local reporting process will include the following:
- Any unusual or serious cyber security incident will be reported immediately by an employee to their direct supervisor.
- If the cyber security incident meets the threshold of reporting, the direct supervisor will consult with SUNY Plattsburgh’s Information Security Officer; the initial alert procedure will be followed.
- SUNY Plattsburgh’s Information Security Officer will alert the Provost, President, Emergency Management Director and Public Relations, if appropriate.
- The NYS CSCIC Incident Notification Report: Initial Report and Final Report will be filed in a timely manner.
- Electronic media
- Security incident
- Sensitive Information
- Staff member
All SUNY Plattsburgh staff members will comply with this policy.
SUNY Cyber Incident Reporting Procedures