Incident Response Overview for Cyber and Disasters

Document Purpose

This plan strives to clarify the responsibilities and actions required to respond to, report and review major events at Boise State University.

Roles and Responsibilities

The Incident Response Team will consist of:

  • IRP Response Director – has overall management responsibility for the IRP. This can be either the DCIO or the CISO. The first to respond will be the director, unless otherwise agreed upon to switch roles or as appointed by the CIO. The other acts as backup and is ready to rotate if the incident takes multiple days.
  • IRP Coordinator – is responsible for overseeing assessment, recovery and reconstitution progress, initiating any needed escalations or awareness communications, and establishing coordination with other assessment, recovery and reconstitution teams as appropriate.
  • IRP Team – Technical staff responsible for deploying recovery and reconstitution efforts as outlined by the IRP Coordinator.
  • IRP Communications Lead – receives direction from the Response Director (RD) to provide and direct communications content to Campus Operations Emergency Management and the Office of Communications and Marketing.
  • Mission Critical System Owner – is responsible for assisting in mission critical system recovery and reconstitution efforts as requested by the IRP Coordinator.
  • Customer Care Staff – is responsible for managing the response and triage of customer inquiries and client-side incidents.
  • Legal Contact – General Counsel or designate, with the responsibility to provide advice as appropriate.

At a minimum, the team will consist of a Response Officer, a Response Coordinator and at least one Technical Staff member. Customer Care, OIT Communications and General Counsel staff members will be optional as determined by the Director. Team positions may be supplemented by other OIT staff as warranted by the Director.

Incident Handling

Below are five elements for successful incident handling and the individuals responsible for taking the action. Multiple individuals or teams will be involved in performing the following:

  • Identify
  • Assess the incident
  • Respond to the incident
  • Notify and Report
  • Learn and Improve

Incident Response Team

| Team Role | Personnel |
|---|---|
| Response Director | Deputy CIO; Chief Information Security Officer |
| Response Coordinator | Executive Director, Cloud Services and Infrastructure; Senior Security Engineer (Deputy CISO) |
| Team | OIT Staff as required |
| Optional Team Members: | Manager of Help Desk or designee; Director of OIT Communications or designee; General Counsel or designee |

Updates

Created: January 2016

Last Update: February 2022

Next Review: February 2025