DISTRICT IT INCIDENT RESPONSE POLICY

DISTRICT IT INCIDENT RESPONSE POLICY

po7540.09Adopted April 10, 2007Revised October 15, 2024

7540.09 - DISTRICT IT INCIDENT RESPONSE POLICY

  1. This policy outlines the procedures for identifying, responding to, reporting, and resolving computer security incidents within the District. An incident is defined as "any occurrence that involves a violation of an explicit or implied security policy." According to the SANS Institute, an adverse cyber security event is "an event that compromises the confidentiality, integrity, or availability of an information system or network, or poses a threat to such a system or network." This includes, but is not limited to, unauthorized access, data breaches, malware infections, denial of service attacks, and other malicious activities that may disrupt or damage the District's technology infrastructure.
  2. Technology Associates located at each site are typically the first line of response for the Educational Technology (ET) department. They are often the first to notice or observe a policy violation or abnormal system activity. Teachers and other school staff should report any issues directly to the Technology Associates. The District expects Technology Associates to leverage their expertise to analyze and assess the reported issues and escalate them as necessary. Our Technology associates are supported by district staff with access to additional tools and expertise to help address security incidents. 
  3. The Help Desk serves as the primary point of contact for incident notification and security reporting. All security incident reports should be submitted through the Help Desk system to ensure proper assignment and tracking. This centralized approach helps in maintaining accurate records and facilitates timely response.
  4. Office of Educational Technology and District Operations may need to collaborate depending on the nature of the incident. District Operations will focus on ensuring the protection of staff, students, and the District’s physical infrastructure. This includes addressing physical security concerns and coordinating with external law enforcement if required. The Office of Educational Technology will concentrate on technical aspects of the incident, such as addressing unauthorized access attempts, malware infections, or other technology-related issues. They will support District Operations as needed to complete investigations and remedial actions.
  5. Additional Guidelines
     
    1. Incident Classification: All incidents should be classified based on their severity and potential impact. This classification will determine the appropriate response level and escalation process.
    2. Communication: During an incident, clear communication is critical. The Help Desk should maintain regular updates on the status of the incident and any steps taken. All stakeholders, including affected staff and students, should be kept informed as appropriate.
    3. Documentation: Detailed documentation of each incident, including actions taken and decisions made, is essential. This documentation will be used for post-incident analysis and to improve future response efforts.
    4. Training and Awareness: Regular training sessions should be conducted for all staff to recognize and respond to potential security incidents effectively. Awareness programs should be implemented to keep staff informed about current cyber threats and best practices for maintaining security.
    5. Review and Improvement: After resolving an incident, a review should be conducted to assess the response process and identify areas for improvement. Lessons learned should be used to refine policies and procedures to enhance the District’s overall security posture.
  6. This policy aims to ensure a comprehensive approach to managing IT incidents, protecting the integrity of the District’s technology infrastructure, and safeguarding the welfare of its students and staff.

Revised 10/28/14
Revised 10/15/24

© Brevard County Public Schools 2024