| Knowing how to report computer security incidents at UTHSC is required of all faculty, staff and students. Those who support computer systems at UTHSC must also also be familiar with and follow the policy and procedures for handling and documenting security incidents. The UTHSC policy covering Incident Response is found under UTHSC Policies.
|
| |
| Note that a Security Incident is defined as :
|
| |
The attempted or successful unauthorized access, use,
disclosure, modification, or destruction of information
or interference with system operations in an information
system. |
| |
| Security Incident response concerns two classes of individuals: "Reporters" who identify an event and report the event to the Helpdesk, to the Compliance office, to the Security Officer or to some technican for resolution; and "Handlers" who respond to and are responsible for resolving the problem caused by the event and documenting the results. |
Remediation and documentation requirements proceed according to these criteria:
- 1. If the event is not a Security Incident or involve ePHI, then remediation should proceed. Documentation with a Security Incident Report is not required.
- 2. If the event is a Security Incident or involves ePHI, and is solely the result of a lack of current updates or patches or antivirus software, then Handlers should proceed with remediation without the involvement of the Security Team. Documentation with a Security Incident Report is required.
- or 3. If the event is a Security Incident or involves ePHI, and is not solely the result of a lack of current updates or patches or antivirus software, then remediation activities must stop and the Security Director must be notified. Remediation will then proceed with the involvement of a Security Team under direction of the Security Director. Documentation with a Security Incident Report is required.
|
