The page uses Browser Access Keys to help with keyboard navigation. Click to learn moreSkip to Navigation

Different browsers use different keystrokes to activate accesskey shortcuts. Please reference the following list to use access keys on your system.

Alt and the accesskey, for Internet Explorer on Windows
Shift and Alt and the accesskey, for Firefox on Windows
Shift and Esc and the accesskey, for Windows or Mac
Ctrl and the accesskey, for the following browsers on a Mac: Internet Explorer 5.2, Safari 1.2, Firefox, Mozilla, Netscape 6+.

We use the following access keys on our gateway

n Skip to Navigation
k Accesskeys description
h Help

Request Information

Enter Your First Name.
Enter Your Last Name.
Enter Your E-mail Address.
Enter Your Phone Number
Enter Your Date of Birth.
Enter Your Address.
Enter Your City.
Enter Your Zip Code.
Enter Your Gender
Please select an area you are interested in from the dropdown.
choose the semester you plan to enroll at Chattanooga State.
Please submit any other information or inquiries in this box.
    Chattanooga State Technical Community College
   
 
  Nov 21, 2017
 
 
    
Policies

08:15:00 Security Incidence Response


Technology Division
08:15:00 Security Incidence Response

 
  1. Introduction: This policy constitutes the guidelines necessary to manage a security incident response required for possible computer resource, institutional data loss and/or for the litigation hold process. This policy is intended to be an addition to existing college policies and regulations and does not alter or modify any existing college policy or regulation. This policy is to be used in conjunction with ChSCC 05:12:01 Sensitive Equipment Policy and TBR B-080 Reporting and Resolution of Institutional Losses.
    1. The term "resource" College-owned or operated computing resources including, computer hardware and software, computer network access and usage, internet and email usage, security and privacy of all data created and maintained by the College, (i.e. student, research, financial, payroll/personnel, etc.)
    2. All data created by the College, except where superseded by grant or other contracts, or by Copyright Law, will be protected regardless of medium on which it resides, (including paper, in electronic form on disk, hard drive or flash drive, etc.) and regardless of form (e.g., text, graphics, video, voice, etc.)
  2. This policy includes all ChSCC staff (including contractors and student workers), faculty, students, authorized users and visitors that have access to College facilities, computing resources or College data. Review ChSCC Technology Division's Policies 08:13 Computer Passwords, 08:14 Technology Responsible Use, 08:16 Data Security policies, and other policies as necessary. Use of ChSCC sensitive data, even when carried out on a privately owned computer that is not managed or maintained by ChSCC, is also governed by this policy.
  1. When an incident of fraud, waste, abuse and/or loss of information technology resources is suspected, the ChSCC VP of Technology, or designee, should be notified as soon as possible. If the possible loss of sensitive data is suspected, notification must happen as soon as possible on the same business day of detection. The ChSCC Police will be notified and the Security Incident Response Plan will be started.The Technology designee and ChSCC Police will provide chain of access control. (Refer ChSCC 05:12:01 and TBR Guideline B-080.) The following actions will be taken immediately:

1.  Technology Division Technical Support and ChSCC Police will take possession of resource, hard drive, etc. that needs to be controlled pending further investigation. If this will also include a litigation hold on user accounts, notify Executive Director, Information Management in Technology Division. (Refer to TBR Guideline G-075 Litigation Hold Notice.) The ChSCC Police and Technical Support will go together to take possession of the resource.

2. Technical Support and ChSCC Police will pick up the resource and deliver to Technical Support office. Chain of custody documentation will be signed and a copy provided to ChSCC Police and Technology Division VP.

3. Full back-up is made of data on resource, if needed, and resource will be locked in office until it's determined who gets custody of the resource.

4.  Person who gets custody of the resource will contact Technical Support and will fill out all necessary forms required to release the resource. Form will then be kept on file.

5.  Internal Audit will be notified as appropriate in compliance with the ChSCC Fraud, Waste, and Abuse policy 11:12:06. 

  1. Depending upon scope of incident, a Security Incident Team should be implemented to review incident, ensure policies are followed and own the situation until it is resolved. Suggestions for membership on this team should be determined by the Executive Cabinet and include ChSCC Auditor to ensure proper management of the incident. This team should make a preliminary investigation to identify known facts. The reporting individual and his or her supervisor will also be part of this preliminary investigation.
    1. The Security Incident Team will make initial determination, based on TBR 4:01:05:50 Preventing and Reporting Fraud, Waste or Abuse and TBR Guideline B-080, on whether an official incident response report to TBR is required and if FERPA and/or other sensitive data loss require customer/student notification under Tennessee Code, Title 47 Chapter 18, and Part 21. Because such reports of issues are confidential, they should only be shared on a need-to-know basis. As soon as possible after initial investigation is completed, the IT designee or another individual on the Security Incident Team will follow TBR Guideline B-80 Reporting and Resolution of Institutional Losses.
    2. When needed, the Security Incident Team should activate a Technical Investigation Team to determine possible impacts due to the type of incident. VP of Technology will assist with determining who needs to be on this team. Members of this team will include those individuals with technical skills that can properly evaluate the situation.
    3. If customer/student notification, due to loss of FERPA and/or other sensitive data, is required and the Security Incident Team's recommendation is agreed with, the College President and other individuals are notified immediately as required by TBR 4:01:05:50 Preventing and Reporting Fraud, Waste or Abuse and TBR Guideline B-080. Currently any data breach issues will need to be reported to Chief Audit Executive and Investigative Auditor. Customers/students impacted by loss of data are notified as required by Tennessee Code, Title 47 Chapter 18, Part 21.
    4. Any official of any agency of the state having knowledge that a theft, forgery, credit card fraud, or any other act of unlawful or unauthorized taking, or abuse of, public money, property, or services, or other shortages of public funds has occurred shall report the information immediately to the office of the Comptroller of the Treasury (T.C.A. § 8-19-501(a)).
  1. All responses to the media and outside agencies not involved in the required reporting will be handled through the Office of the President. Once the incident has been handled as required, the Security Incident Team prepares a "Lessons Learned" document for Executive Council review and takes actions as directed to prevent future re-occurrences.

References:

  1. State of Tennessee Department of Finance and Administration Strategic Technology Solutions 2:01, 12/15/2016
  2. Tennessee Code Annotated Title 47, Chapter 18, Part 21
  3. Tennessee Board of Regents (TBR) Information Technology Policy B-080
  4. Tennessee Board of Regents (TBR) Litigation Hold Notice G-75, 11/6/2007
  5. ChSCC 05:21:01 Sensitive Equipment Policy, 1/28/2009
  6. ChSCC Technology Division Policy 08:13 Computer Passwords, 5/30/2017
  7. ChSCC Technology Division Policy 08:14 Technology Responsible Use 5/30/2017
  8. ChSCC Technology Division Policy 08:16 Data Security, 5/30/2017

                                                                                                                                            

Dr. Rebecca Ashford, President                                                                                             October 24, 2017

Signature                                                                                                                                Date Approved

Policy Change

Division Name: Technology Division

Policy Number and Title: 08:15:00 Security Incidence Response

  1. Reformatted the whole policy to new format.
  2. All pages - Information Technology Services was changed to new division name - Technology Division.
  3. Section C including paras 1 - 5 was added

C.  When an incident of fraud, waste, abuse and/or loss of information technology resources is suspected, the ChSCC VP of Technology, or designee, should be notified as soon as possible. If the possible loss of sensitive data is suspected, notification must happen as soon as possible on the same business day of detection. The ChSCC Police will be notified and the Security Incident Response Plan will be started.  The Technology designee and ChSCC Police will provide chain of access control. (Refer ChSCC 05:12:01 and TBR Guideline B-080.) The following actions will be taken immediately:

1.  Technology Division Technical Support and ChSCC Police will take possession of resource, hard drive, etc. that needs to be controlled pending further investigation. If this will also include a Litigation hold on user accounts, notify Executive Director, Information Management in Technology Division. (Refer to TBR Guideline G-075 Litigation Hold Notice.) The ChSCC Police and Technical Support will go together to take possession of the resource.

2.   Technical Support and ChSCC Police will pick up the resource and deliver to Technical Support office. Chain of custody documentation will be signed and a copy provided to ChSCC Police and Technology Division VP.

3. Full back up is made of data on resource, if needed, and resource will be locked in office until it's determined who gets custody of the resource.

4.  Person who gets custody of the resource will contact Technical Support and will fill out all necessary forms required to release the resource. Form will then be kept on file.  

5.  Internal Audit will be notified as appropriate in compliance with the ChSCC fraud, waste, abuse policy 11:12:06. 

4.  Section D, para 2 item 2 was added

When needed, the Security Incident Team should activate a Technical Investigation Team to determine possible impacts due to the type of incident. VP of Technology will assist with determining who needs to be on this team. Members of this team will include those individuals with technical skills that can properly evaluate the situation.

5. Section D, Para 4 was changed to reflect title changes                             Currently any data breach issues will need to be reported to Chief Audit Executive and Investigative Auditor.

 

Dr. Rebecca Ashford, President                                                                 October 24, 2017

Signature                                                                                                    Date Approved