• No results found

IT policy breach procedure

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "IT policy breach procedure"

Copied!
9
0
0

Loading.... (view fulltext now)

Download now ( 9 Page )

Full text

(1)

IT policy breach procedure

(2)

Document Location

http://www.ucc.ie/en/it-policies/procedures

Revision History

Date of this revision: 31/12/2012 Date of next revision: Revision

Number

Revision Date

Summary of Changes Changes marked

0.1 1/10/2012 Original

0.2 20/10/2012 Redrafted based on updates from IT department 0.3 14/11/2012 Changes suggested by M Farrell and N Geary in internet

security meeting

Approval

This document requires the following approvals:

Name Title Date

ISMT IS & ER OCLA

(3)

Table of Contents

1. PURPOSE ... 4

2. DEFINITION ... 4

The Digital Estate Working Group (DEWG, [email protected]) ... 4

The Digital Estate Steering Group ... 4

3. ROLES AND RESPONSIBLITIES ... 4

IT Services ... 4

IT Director ... 5

Digital Estate Working Group ... 5

Digital Estate Working Group Steering ... 5

HR ... 5

VP of Student Experience... 5

4. SCOPE ... 6

5. IT Policy breach handling protocol ... 7

(4)

1.

PURPOSE

The purpose of this document is to clarify for management and IT staff, the procedure for handling a breach of existing IT policies arising out of the inappropriate use of technology on the UCC network. The document should provide guidance on the steps to follow to ensure that breaches in IT policies are handled consistently and have appropriate escalation points where required.

2.

DEFINITION

The Digital Estate Working Group (DEWG, [email protected])

The DEWG manage the day-to-day running of the university’s websites and social media presence. The group implements policy, define standards and agrees content on a weekly basis. It is comprised of IT, Marketing and Communications, Media and Public Relations, Registrar’s Office, (reference the Digital Estate Governance Policy for more information).

The Digital Estate Steering Group

The Digital Estate Steering Group comprises representative content directors and interested parties from across the university. These represent the academic, research, student and administrative functions of the university, The Director of IT Services, the Director of Marketing and

Communications, VP of Student Experience, Deputy Corporate Secretary and the Academic Secretary are members of the Digital Estate Steering Group.

Low Severity Incident:

is deemed, in the opinion of the DEWG, as the issue itself breaches our acceptable usage, but not in a way that is personally damaging to the university or to others.

High Severity Incident:

is deemed, in the opinion of the DEWG, as an incident that may result in the following.

 Incidents that may result in disciplinary action against staff or students

 Incidents that may result in the invocation of the university emergency response plan

 Incidents that may result in a legal action or where there are clear legal implications.

 Incidents that may warrant a communication plan for internal or external stakeholders

3.

ROLES AND RESPONSIBLITIES

IT Services

To respond in a timely manner to such notifications/communications and to escalate those matters which cannot be resolved with the user(s) involved to IT Director and relevant management team.

(5)

IT Director

To chair the Digital Estate Working Group, to escalate issues where required or to agree the action plans of issues from the Digital Estate Working Group

Digital Estate Working Group

 To assess incidents/policy breaches and to agree the next steps.

 To escalate more serious issues where appropriate.

 To manage any operational risk to the university, from breaches of approved IT policies.

Digital Estate Working Group Steering

To act as an escalation point for serious incidents or breaches of policy, examples of these include

 Incidents that may result in disciplinary action against staff or students.

 Incidents that may result in the invocation of the university emergency response plan.

 Incidents that may result in a legal action or where there are clear legal implications.

 Incidents that may warrant a communication plan for internal or external stakeholders. Office of Corporate and Legal Affairs (OCLA) will sit on the Steering Group and will offer advice on the legal implications for actions of the Digital Estate Working Group.

HR

Will manage any issues affecting staff via the university’s approved staff disciplinary procedure. Once an issue is escalated to HR, they will manage any further communications with the staff member involved.

VP of Student Experience

Will manage any issues affecting students via the approved student disciplinary procedure. When an issue is escalated to the VP of Student Experience, he manages any further communications with the individuals involved.

(6)

4.

SCOPE

The scope of this procedure includes all incidents relating to breaches of approved UCC IT polices as listed on our website http://www.ucc.ie/en/it-policies/ . This includes

 social media issues

 acceptable use issues, such as on email or websites

 security issues, password loss

 notification of loss of sensitive equipment, hardware

 copyright Infringement issues

(7)

5.

IT Policy breach handling protocol

Notification of breach of IT policy Please contact us as follows

 Call 2120

 Email [email protected]

DEWG notified and incident logged on IT Helpdesk Is Escalation Required ?  Reputational  Data Protection  Emergency  Disciplinary Follow EMT action Cards &

Process Notify DEWG

Steering to agree Action plan

Agree Actions

 Contact User to inform them their actions breach our policy

 Begin a website/social media Take Down process,

 Remove user from mailing lists, or Disable account, network

 Contact Facebook or other 3rd parties with take down request

Type of Escalation Taken up by Staff Paul Ryan Student Ian Pickup

Disciplinary

Emergency

Track Actions and Close Incident IT investigate the

issue, gather information and advise the Director

of IT Notify OCLA Invoke procedure for DP breach Create Data protection report for UMTO Data Protection issue

No

Yes

(8)

Step Action Executor

If a user (Staff or Student) notices a breach of IT policy, for example Abuse of email

Abuse of social media

Any form of Cyber bullying or harassment. They should

Email: [email protected] where the issues will be analysed or dealt with, if they cannot email, they can call the IT Helpdesk on 2120 and report the issue

2 The e-mail is forwarded to the relevant IT services team for more

detailed analysis and a response from IT Team is sent to Director of IT, as chair of the DEWG.

DEWG

3 IT Services validate the plausibility of the abuse claim based on IP address and time

a. Was the activity likely to have been running on that IP address at that time?

b. Was that IP address in use by the expected node? c. Are the email signatures valid and authentic?

SNE

7 If the issue is a high severity matter or if the user/owner is unwilling to comply or has ignored previous warnings, DEWG should escalate the matter to the chair {IT Director} who will escalate to the DEWG Steering. Escalation will normally take place when the issue is related to

 Reputational Damage to the University

 Data protection damage

 A disciplinary matter

 Emergency

Otherwise the DEWG will deal with the issue

IT Director

5 From the DEWG mailbox, IT Director will contact user/owner a. Advise them of the complaint

b. Request immediate removal of the material

c. Remind/warn them of their responsibilities under AUP Depending on the issue, Other actions may include

Removal of the account from distribution lists

Removal of offensive material from site or social media Writing to Social media providers to remove material

DEWG

8 Where the issue has been escalated, DEWG Steering will advise on next steps with respect to the user

IT Director 9 If the issue requires staff disciplinary action, DEWG Steering will escalate

to Paul Ryan in HR, who will manage the issue through the staff disciplinary channel.

Paul Ryan

10 If the issue requires student disciplinary action, DEWG Steering will escalate the matter to the VP of Student Experience who will take charge of the issue and follow Student disciplinary action policy

Ian Pickup

11 In the case of incident resulting in an emergency, DEWG Steering will invoke the Emergency Repsonse Plan and relevant action cards will be followed

DEWG Steering EMT plan 12 If the issue puts at risk the reputation of the University, Trevor Holmes

will take the lead on the matter.

Trevor Holmes 13 If the issue is a data protection matter, email [email protected] and follow the

data protection breach procedure.

(9)

6.

CLAIMS HANDLING EXAMPLES

Scenario

Low impact: Copyright Infringement notice Mistaken breach of policy, unwelcome social media comments

High impact:

Abusive email/ offensive social media complaint made against a member of staff

References

Download now ( PDF - 9 Page - 486.61 KB )

Related documents

Location Skills Audit

Oxford Intelligence - UK Adults with Technical IT Skills March 2007.. The

Home Insurance Buildings & Contents. Product disclosure statement and policy booklet

You can make a claim if a listed event you are covered for takes place and causes loss or damage to your home or contents during the policy period.. The listed events we cover

Chapter 7

b In cell B11, write a formula to find Condobolin’s total rainfall for the week.. Use Fill Right to copy the formula into cells C11

Household Financial Services

Consumer Protection Consumer Protection Insurance Insurance Life Insurance Non-life Insurance. z Reserve requirement must be maintained z Complaint channel

0715CD107

The performance involves the participation of the king of Ataoja of osogbo, Arugba (votary mad) Aworo Osun , Iya Osun (chief priest and priestess), and the entire  people

Dick Weissman - Guitar Tunings a Comprehensive Guide

h e following few pages are devoted to using standard tuning but involve playing of chords in dif erent positions of the neck that utilize open strings. h is simulates the ef

Institute of Therapeutic Massage Of Western Colorado, LLC North 7 th Street, Unit A Grand Junction, Colorado 81501

If a student has an issue/grievance with the school, the procedure for the student to follow should be to present the complaint, in writing, to the Director of the School to

Investigation of the adoption of telemedicine technology in the Kuwaiti health system: Strategy and policy of implementation for overseas referral patients

The aim of this research is to investigate the readiness of the key stakeholders in regard to telemedicine system adoption in the Kuwaiti healthcare system,