Purpose:

The purpose of this policy is to provide the basis of appropriate reporting of incidents that threaten the confidentiality, integrity, and availability of university information assets, information systems, and the networks that deliver the information. This policy underlies the establishment and ongoing deployment of trained computer security incident response teams, formed with the purpose of managing security incidents at Northeastern State University (NSU). This effort is being taken to improve the response time for resolving incidents, provide consistent response, and improve incident reporting.  

The department of Computing and Telecommunications (C&T) supports and protects open access to pursue all academic endeavors and to share information. Access to information systems and the network supports the academic community by providing an interchange of information using a variety of media. NSU’s network has become a mission critical resource and should be used properly. In order to better protect campus users, critical resources, and sensitive data, all incidents should be reported and investigated.  

Scope:

This policy applies to the use of any NSU’s technology resources.  

Policy:

Users of computer devices that are connected to the NSU network must report all computer security incidents promptly to the C&T. Reported incidents will be classified and handled according to the procedures set forth in the NSU’s Incident Response Plan.

In order to properly classify and investigate an incident, any records or data that are related to an incident and are under the authority of, or coming in the custody, control or possession of the university, must be made available to the Director of C&T or designee upon request.  

To ensure the integrity of the network during an incident, it may be necessary to disconnect a host, a group of hosts, or a network that is disrupting services to others. This includes hosts that are used by unauthorized parties to attack other systems on the NSU Network.  

Definitions:

Computer Security Incident - an anomalous event, which results in a loss of confidentiality, disruption of data or system integrity, or disruption or denial of availability of a computer device or network. An incident can be thought of as a violation or imminent threat of violation of Security Policy or standard security practices.

Examples include but not limited to:

Mishandling of Sensitive Data

Denial of Service Attacks

Malicious Code

Unauthorized Access

Inappropriate Usage

NSU Network - any equipment, owned or controlled by NSU, involved in the processing or forwarding of electronic information. These systems include network devices such as routers, switches, and firewalls.         

Computer Device - any device involved in the processing, storage, or forwarding of electronic information. These devices include, but are not limited to, laptop computers, desktop computers, personal digital assistants, and servers.