The flowchart illustrates the overall process of reporting and response.
There are five actors:
- the Department,
- the Office of Cybersecurity,
- the CIO,
- the Administrative Leadership Team (ALT), and
- University Communications.
There four phases:
- Incident discovery and report.
Done by the Department.
A suspicious activity is observed. This might or might not lead to an incident report. There are two cases that require a report.
If restricted data may have been accessible to unauthorized persons, the incident must be reported.
If sensitive data was accessed by unauthorized persons, the incident must be reported.
Done by the Office of Cybersecurity, with assistance from the Department.
The investigation determines whether or not leadership needs to make a decision about notification.
Done by the CIO, the Administrative Leadership Team (ALT), and University Communications, with assistance from the Department and the Office of Cybersecurity.
The CIO organizes the ALT. The ALT reviews the investigation report and decides whether or not to notify the affected persons. If so, notification is done, with provision to respond to inquiries from the press and those who were notified.
The ALT also evaluates and follows up on other obligations the university might have.
- Post-incident activities.
The process always ends with post-incident activities by all who were involved up to that point.
Please address questions or comments to firstname.lastname@example.org.
ReferencesIncident Reporting and Response Policy- https://policy.wisc.edu/library/UW-509
Incident Reporting and Response Procedures - https://kb.wisc.edu/itpolicy/cio-incident-reporting-procedures
Incident Reporting and Response Procedures Flowchart – https://kb.wisc.edu/itpolicy/cio-incident-reporting-procedures-flowchart
Incident Reporting and Response Procedures Template (for local procedures) – https://kb.wisc.edu/itpolicy/cio-incident-reporting-procedures-template
IT Policy Glossary – https://kb.wisc.edu/itpolicy/glossary
Data Classification Policy – https://policy.wisc.edu/library/UW-504
Acceptable Use Policy – https://www.wisconsin.edu/regents/policies/acceptable-use-of-information-technology-resources/
Revised: Mar 04, 2016
Reviewed: Jan, 2018
Review in: one year (must be approved by Chancellor's designeed, per UW System Admin Policy 1033)
Maintained by: Office of the CIO, IT Policy
History at: https://kb.wisc.edu/itpolicy/cio-incident-reporting-history
Reference at: https://kb.wisc.edu/itpolicy/cio-incident-reporting-procedures-flowchart