Skip to Content

Information Security Office
Policy Index
Information Security Incident Management
Supplemental Policy
Number: 8075.0 Revised: August 15, 2010

All information security incidents must be reported in a timely manner to the Information Security Officer.  Security incidents include theft, loss, damage or compromise to information systems and data, known vulnerabilities and exploits, website defacement or compromise, successful malware attacks, denial of services, and other security events as defined by the Information Security Officer.  The incident reporting process used must:

  • Define and categorize incidents.

  • Require reporting of the loss of any computer or network device, with special attention to those potentially containing Level 1 and Level 2 data.

The Incident Response Standard must be used to define, investigate, and respond to all information security incidents. The response process must:

  • Be prompt and timely, mitigating risk and threat as quickly as possible;

  • Designate specific personnel to respond to information security incidents in a timely manner;

  • Include procedures and guidelines for documenting the information security incident that:

    • Identify the types, volume, and costs of security incidents to ensure the campus monitors trends and risks;

    • Determine notification requirements;

    • Implement remediation strategies;

    • Report to executive management.

  • Include processes to facilitate the application of lessons learned from incidents.

  • Support the development and implementation of appropriate corrective actions directed at preventing or mitigating the risk of similar occurrences.

The following notification process is required for information security incidents:

  • If a breach of Level 1 data has occurred or is likely to have occurred, the Information Security Officer or Vice President and Chief Information Officer will immediately notify the President, who will then notify the Chancellor; the Vice President and Chief Information Officer will immediately notify the CSU Assistant Vice Chancellor for Information Technology Services; and the campus Information Security Officer must notify the Senior Director of System-wide Information Security Management.

  • If a breach of Level 2 data has occurred, the campus Information Security Officer must notify the Vice President and Chief Information Officer and the Senior Director of System-wide Information Security Management.

The campus information security incident response plan must be reviewed and tested annually by the Information Security Officer, with results reported to the Vice President and Chief Information Officer.

Back to to Sacramento State Information Security Policy Website

Feedback/Questions/Comments