Description

This Control describes the requirements for appropriate reporting of information security incidents that are likely to expand beyond one unit's ability to manage effectively, or that are determined to be significant. An information security incident is considered significant if it meets one or more of the following criteria:

  • involves actual or suspected unauthorized disclosure of data classified as confidential or higher
  • involves unauthorized access or use of information resources
  • involves consequential legal issues
  • may cause disruption to high impact information resources or university-wide Essential IT services
  • involves active threats
  • is widespread
  • is likely to raise public interest

Common events that are detected, mitigated, and restored within a reasonable amount of time, by locally available unit staff, are not considered significant under this control.

Information resource users may not recognize that an information security incident has occurred. These issues are frequently difficult to identify and require analysis to determine if there has been an incident and the impact of the incident. Therefore, it is imperative that users report suspected incidents immediately.

Applicability

  • This procedure applies to all information resource owners or designees, custodians, users and third parties who are responsible for Texas A&M University information resources.

Implementation

  • 1

    Anyone may report illegal, disruptive, or suspicious activity impacting Texas A&M information resources at any time to the Division of IT Helpdesk (helpdesk@tamu.edu or (979) 845-8300).

  • 2

    Known or suspected security incidents must be reported immediately to either:

    • 2.1

      TAMU Helpdesk Central: (979) 845-8300 or helpdesk@tamu.edu, or

    • 2.2

      TAMU Security Incident Reporting: security@tamu.edu.

  • 3

    The university CISO has reporting responsibilities to the Texas Department of Information Resources for security incidents that are assessed to:

    • 3.1

      Propagate to other university or state systems;

    • 3.2

      Result in criminal violations that shall be reported to law enforcement; or

    • 3.3

      Involve the unauthorized disclosure or modification of confidential information, e.g., sensitive personal information as defined in §521.002(a)(2) of Texas Business and Commerce Code, and other applicable laws that may require public notification.

  • 4

    If the security incident is assessed to involve suspected criminal activity (e.g., violations of Chapter 33 or Chapter 33A Texas Penal Code), the security incident shall be investigated, reported, and documented in a manner that restores operation promptly while meeting the legal requirements for handling of evidence.