OSU will designate an individual who will be responsible for implementing and adhering to the security incident policies and procedures.
OSU will determine through a variety of security mechanisms, such as user IDs, password protection, anti-virus software and audit trails, when security incidents have occurred.
Security incidents must be reported by personnel who observe questionable activity. Personnel-identified security incidents are reported to the person’s direct supervisor or higher level of management, who in turn reports the incident to the person designated to be responsible for the security incident policies and procedures.
OSU will periodically monitor user activity, including password activity, virus scans, and audit trails to determine if any security incidents have occurred.
Following the identification of a security incident, the first priority must be to communicate the details of the incident to the IT Director and/or technical systems manager to expeditiously log and begin resolving the issue. Also, the Medical Director and the business office director should be notified of the incident.
Once alerted to the incident, the technical staff will access the appropriate part of the computer system as quickly as possible. If more than one incident occurs simultaneously, the most critical issue will be addressed first. If necessary, OSU Stillwater Security Staff may be utilized to conduct computer forensics and analysis. In some instances, OSU legal counsel will be involved.
The incident(s) will be immediately logged on a security incident log. OSU will take necessary and reasonable steps to respond to and address all identified and confirmed security incidents. All responses will be logged into a security incident log. The log will be kept for 6 years.
If the incident cannot be resolved and could potentially cause disruptions among other employees such that it will inhibit them from performing their assigned job responsibilities, the appropriate director will notify the staff of the situation via the appropriate communications media (i.e., email, telephone, verbally, or in writing). Affected staff will be notified of the estimated time necessary to address the security incident.
Once the issue has been resolved, the System Administrator or Security Official will notify staff of the resolution via email, telephone, verbally, or in writing. If there are new procedures which must take place as a result of the reported incident, these must be distributed to employees as well. The practice should select the communication media that works best under the circumstances.
Sample Security Incident Log:
| Incident | Time/Date Incident Reported | Time/Date Incident Occurred | Incident Reported By | Incident Handled By | Practice Individuals Notified | Responses |
|---|---|---|---|---|---|---|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |