Administrative Guideline 1116

Adopted: 
Approved: December 12, 2007
Revised: May 17, 2022

ADMINISTRATIVE GUIDELINE TYPE: Information Technology

ADMINISTRATIVE GUIDELINE TITLE: Employee Guidelines for Reporting Security Incidents

DEPARTMENT RESPONSIBLE: Information Technology

GUIDELINE STATEMENT OF PURPOSE:

Southeastern Community College recognizes the importance of protecting our employees, students and community members from unauthorized access of confidential information. In addition, the College recognizes the importance of protecting our systems (computers, servers, databases, network, etc.) from intrusions causing harmful outcomes such as denial of service and unauthorized access to private data.

The following guideline defines SCC’s process to identify, communicate and resolve security incidents in an efficient manner.

The SCC ITS Department is responsible for assisting in responding to security (cyber, physical) related incidents. A security related incident may include unauthorized access to your computer and/or the misuse of SCC IT resources, including the unauthorized acquisition, disclosure, or modification of confidential data.

I. Security Definitions

Security incident definitions and examples are provided below. Please note that any suspicious activity should be reported.

1. Data Incident – any situation where an employee believes confidential data has been accessed by an unauthorized person or entity. Examples are provided below:
   • Laptop computer is stolen or misplaced that stores confidential data
   • Mobile storage (USB drive, SD card, etc.) has been stolen or misplaced
   • SCC web site is publishing confidential data
   • Paper documents (reports, files, etc.)
   • Email, voice call or survey asking for confidential data (social engineering, phishing, etc.)
   • Lost or stolen phone/mobile device that has confidential data stored on the device
2. System Incident – any situation where an employee believes a system is accessed by an unauthorized person or entity. Examples are provided below:
   • Anti-virus software communicates malware (virus, worm, etc.) on your computer
   • Browser hijacking – user notices changes in the way the browser is reacting to searches, web sites and other web-based activity.
   • Changes to your system that you were not aware of such as new screensaver, pop up messages, another person’s login, etc.
   • Message on computer/screen stating your system has been compromised requesting money to restore to original configuration (or asking you to contact Microsoft to fix the issue)

II. Incident Response Process

All SCC employees should adhere to the following process when reporting a security incident:

1. Immediately contact ITS help desk and Vice President for Technology Services/ITS Security Officer:
   • Contact SCC help desk at 319-208-5087
   • Contact Vice President of ITS Security Officer at 319-750-9485
2. Employee will complete Security Incident Form on SCC’s Hawknet Portal (Data Security @ SCC Web Part)
3. ITS Security Officer will document incident details on the ITS Security Incident Log
4. ITS staff will document incident details on the ITS Security Incident Log
5. ITS staff will identify, contain, eradicate and recover based on the Incident Security Response Plan
6. ITS staff will contact the originator for follow up purposes
7. If critical data is compromised, the ITS Security Officer will immediately contact President, President’s Executive Council and Director of Human Resources to determine next steps

III. Incident Response Management

The following incident management processes will be followed by the ITS Division:

1. ITS staff will log all security incidents
2. Security Incident Log will be reviewed during bi-monthly ITS Security Team meetings
3. ITS Security Team will identify trends and gaps that may require revisions to Security Procedures and Administrative Guidelines