Incident Response Policy and Procedure (IR-1)
Texas A&M University employs documented policies and procedures to mitigate an incident impacting university information resources.
Incident Response Training (IR-2)
The University provides training to personnel in their cybersecurity incident response roles and responsibilities.
Incident Response Testing (IR-3)
The process for testing the effectiveness of the incident response capabilities.
Incident Handling (IR-4)
The university employs documented procedures to handle incidents impacting university information resources.
Incident Monitoring (IR-5)
Incident Monitoring consists of activities such as the review of: user account logs, application logs, data backup and recovery logs, automated intrusion detection system logs, etc.
Incident Reporting (IR-6)
This Control describes the requirements for appropriate reporting of information security incidents that are likely to expand beyond the capability of one unit's ability to manage effectively, or if a security incident is determined to be significant. An information security incident is considered significant if it meets one or more of the following criteria:
- involves actual or suspected unauthorized disclosure of data classified as confidential or higher
- involves unauthorized access or use of information resources
- involves consequential legal issues
- may cause disruption to high impact information resources or university-wide Essential IT services
- involves active threats
- is widespread
- is likely to raise public interest
Incident Response Assistance (IR-7)
The university Chief Information Security Officer (CISO) ensures that a cybersecurity incident response support team is available, integral to the university cybersecurity incident response capability that offers advice and assistance to owners, custodians, and users of information resources for the handling and reporting of cybersecurity incidents.
Incident Response Plan (IR-8)
The purpose of this Control is to provide the basis of effective and appropriate response to incidents that threaten the confidentiality, integrity, and availability of university information resources. The Incident Response Plan provides the procedures for this response, and ensures roles and responsibilities are clearly defined.
Information Spillage Response (IR-9)
Identifies roles and responsibilities for responding to information spills.