Component #9

Component #9:  Security Incident Handling

 Guidance on reporting security events, managing security incidents, and building information security into business continuity management.

Incident Response: The University of Guelph has an incident response capability jointly coordinated by CCS Help Services and IT Security (part of the CIO's Office).  IT Policy #02.1 "Roles and Responsibilities for Information Security" outlines the specific responsibilities for all individuals employed at the University include the following:  

 1. Maintain awareness of and abide by the conditions set out in the University’s Acceptable Use Policy (AUP).

2. Maintain awareness of and abide by IT policies set out by the University, and their department or college

3. Maintain computing accounts, application access and individual computing devices in a secure manner.

4. Report any security incidents or privacy breaches to the appropriate area. 

Individuals should telephone extension 58006 or email incident@uoguelph.ca.  Privacy breaches should be reported to the University Secretariat.  

 Incident Management: A Computer Security Incident Management Team, (CSICT) will be responsible for coordinating major security problems in an appropriate manner and improve our capability to track and resolve security incidents.  A new policy is under development which defines major IT security incidents and charters the Incident Management Team.