Security Incident Procedures Policy
Reflects the campus' commitment to promptly identify, report, and respond to security incidents in accordance with New York State law.
|Policy Number||Policy Owner|
|10009.1.P||Information Technology Services|
- 1.0 Purpose
- 2.0 Revision History
- 3.0 Units and Persons Affected
- 4.0 Policy
SUNY Plattsburgh has implemented a documented process for promptly identifying security incidents. The process is based on the SUNY Cyber Security Incident reporting procedure and the local reporting process will include the following:
- Any unusual or serious cyber security incident will be reported immediately by an employee to their direct supervisor.
- If the cyber security incident meets the threshold of reporting, the direct supervisor will consult with SUNY Plattsburgh’s Information Security Officer; the initial alert procedure will be followed.
- SUNY Plattsburgh’s Information Security Officer will alert the Provost, President, Emergency Management Director and Public Relations, if appropriate.
- The NYS CSCIC Incident Notification Report: Initial Report and Final Report will be filed in a timely manner.
- 5.0 Definitions
- 6.0 Responsibilities
- 7.0 Procedures
- 8.0 Forms
- 9.0 Appendix
- 10.0 Distribution and Training
For additional information about this policy, please contact the Policy Owner listed above.