Statement

West Texas A&M University will develop an incident response plan that describes the requirements for dealing with computer security incidents including prevention, detection, response, remediation, and reporting.

Applicability

This Control applies to all West Texas A&M network information resources. The intended audience for this Control includes all information resource owners, custodians, and users of information resources.

Implementation

The Incident Response Plan shall:

• Provide WTAMU with a roadmap for implementing its incident response capability;
• Describe the structure and organization of the incident response capability;
• Provides a high-level approach for how the incident response capability fits into the overall University;
• Meet the unique requirements of the University, which relate to mission, size, structure, and functions;
• Define reportable incidents;
• Provide metrics for measuring the incident response capability within the University;
• Define the resources and management support needed to effectively maintain and mature an incident response capability; and
• Be reviewed and approved by Chief Information Officer.

The ISO shall:

• Distribute copies of the incident response plan to incident response personnel responsible for information system restoration
• Review the incident response plan;
• update the incident response plan to address system changes or problems encountered during plan implementation, execution, or testing
• Communicates incident response plan changes to organization-defined incident response personnel

The Incident Response Plan shall be considered confidential and protected from disclosure or unauthorized modification.