Reporting Cyber Security Incidents Policy

Describes the process for reporting information security incidents and events.

Policy Information

Policy Number	Policy Owner
10018.3	Information Technology Services

Policy Number

Policy Owner

10018.3

Information Technology Services

1.0 Purpose

2.0 Revision History

Date	Version Number	Change Description	Referenced Section
2/10/05	1.0	New Document	Entire Document
10/6/14	2.0	Major Revisions
12/13/18	2.2	Minor Revisions
2/1/22	2.3	Minor Revisions	Owner Name
10/2/25	3.0	Major Revisions	1.0, 2.0, 3.0, 4.0, 5.0, 6.0, 7.0, 9.0

Date

Version Number

Change Description

Referenced Section

2/10/05

1.0

New Document

Entire Document

10/6/14

2.0

Major Revisions

12/13/18

2.2

Minor Revisions

2/1/22

2.3

Minor Revisions

Owner Name

10/2/25

3.0

Major Revisions

1.0, 2.0, 3.0, 4.0, 5.0, 6.0, 7.0, 9.0

Review Process / Approval

Action:	Units	Date
Policy Review	Information Technology Services Management Services
Policy Approval	Office of Information Technology	2/10/05

Action:

Units

Date

Policy Review

Information Technology Services
Management Services

Policy Approval

Office of Information Technology

2/10/05

3.0 Units and Persons Affected

All users of college-provided technology services including, but not limited to, faculty, staff, volunteers, students, and employees of the Research Foundation, College Auxiliary Services, and other permitted third-party organizations.
4.0 Policy

All users of campus systems are required to promptly report any “unusual or serious cyber security incident” to the director of Information Technology Services. If there is any ambiguity about whether an event should or should not be reported, err on the side of reporting it.
5.0 Definitions
Cybersecurity Event:
- An observable occurrence within a system.
- Can be benign, like a user logging in or a firewall allowing a packet.
- Can be suspicious, like a user attempting to log in outside of allowed hours.
- Can be malicious, like a virus scan finding malware.
- A broad term encompassing all types of occurrences.
- Examples: user login, server restart, firewall activity, malware scan results.
Cybersecurity Incident:
- A cybersecurity event with a negative impact on the organization.
- Breaches security policies, compromises confidentiality, integrity, or availability (CIA).
- Requires immediate attention and response.
- Examples: data breach, malware infection, ransomware attack, denial of service.
6.0 Responsibilities
7.0 Procedures
8.0 Forms
9.0 Appendix
Related Policies
- SUNY Plattsburgh Policy #10019.2 – Responsible Use of Technology Resources Policy
- SUNY Information Security Policy 6900

10.0 Distribution and Training

Method	Date
Campus Handbook	N/A
Faculty / Staff Digest	11/7/25
Student Digest	N/A
Other	N/A

Method

Date

Campus Handbook

N/A

Faculty / Staff Digest

11/7/25

Student Digest

N/A

Other

N/A

There are no specific trainings identified with this policy.

For additional information about this policy, please contact the policy owner listed above.

Contact Us

TJ MyersDirector of ITS, Chief Information Officer215 Feinberg Library2 Draper AvenuePlattsburgh, NY 12901Phone: 518-564-2449[email protected]

For questions about the Campus Handbook

Renee MarcotteInternal Control/Risk Management Coordinator710 Kehoe Building101 Broad StreetPlattsburgh, NY 12901Phone: 518-564-2537[email protected]

Contact Us

TJ MyersDirector of ITS, Chief Information Officer215 Feinberg Library2 Draper AvenuePlattsburgh, NY 12901Phone: 518-564-2449[email protected]

For questions about the Campus Handbook

Renee MarcotteInternal Control/Risk Management Coordinator710 Kehoe Building101 Broad StreetPlattsburgh, NY 12901Phone: 518-564-2537[email protected]