Incident Response Policy and Procedure (IR-1)

Texas A&M University employs documented policies and procedures to mitigate an incident impacting university information resources.

Incident Response Training (IR-2)

The University provides training to personnel in their cybersecurity incident response roles and responsibilities.

Incident Handling (IR-4)

The university employs documented procedures to handle incidents impacting university information resources.

Incident Monitoring (IR-5)

Incident Monitoring consists of activities such as the review of: user account logs, application logs, data backup and recovery logs, automated intrusion detection system logs, etc.

Incident Reporting (IR-6)

This Control describes the requirements for appropriate reporting of information security incidents that are likely to expand beyond the capability of one unit’s ability to manage effectively, or if a security incident is determined to be significant. An information security incident is considered significant if it meets one or more of the following criteria: • involves actual or suspected unauthorized disclosure of confidential information • involves consequential legal issues • may cause severe disruption to unit mission critical services or university-wide Essential IT services • involves active threats • is widespread • is likely to raise public interest

Incident Response Assistance (IR-7)

The university Chief Information Security Officer (CISO) ensures that a cybersecurity incident response support team is available, integral to the university cybersecurity incident response capability that offers advice and assistance to owners, custodians, and users of information resources for the handling and reporting of cybersecurity incidents.

Incident Response Plan (IR-8)

The purpose of this Control is to provide the basis of effective and appropriate response to incidents that threaten the confidentiality, integrity, and availability of university data, assets, information systems, and networks. The Incident Response Policy Control provides the procedure and process for monitoring, detection, response, documentation, and appropriate reporting internally and externally. Finally, the Control establishes responsibility and accountability for all steps in the process of addressing computer security incidents. Further, it is the purpose of this Control to ensure computer security incidents that threaten the security or privacy of confidential information are properly identified, contained, investigated, and remedied.