Security incidents are likely to occur in the Universities. Therefore, there is a need for centralized incident reporting. It is important that information security incidents, and suspected information security weaknesses are reported, logged, and then dealt with.
The purpose of this policy is to ensure appropriate investigations, actions, and reportings are in place when ICT incidents occurred in the University.
This policy applies to all the University’s community who uses ICT services, ICT facilities, and equipment for teaching-learning and research purposes.
- Information security issues should be reported to the ICT Directorate;
- The ICT Directorate is empowered to prohibit devices suspected of being compromised, misused, or misconfigured, from connection to the University’s network until the issue is resolved.
ICT Directorate shall ensure that:
- Necessary resources are allocated to investigate and monitor any incident until it has been resolved;
- Other organizations (if any) are advised or consulted about incidents as appropriate, and in particular:
- Security incidents involving the loss of sensitive or confidential information are to be reported to the Insurance Services (if such services are existing) as soon as possible,
- Incidents such as fire, flood, or theft affecting IT systems are to be reported promptly to both the Security and the Insurance Services (if there is any),
- Where the cost of recompiling lost data may become the subject of an insurance claim, the Insurance Services (if there is any) must be informed promptly, and
- The relevant Directors of College and Heads of Department are informed by ICT Directorate of the incident where this is appropriate.
Reporting Information Security Incidents
- Information security incidents and any suspected security weaknesses found in the University’s IT-based information systems shall be reported to the ICT Directorate;
- Information system security incidents (suspected or confirmed) relating to the University’s computers, data, networks, or people shall be reported to the ICT Directorate;
- The details of security issues must be properly logged by the ICT Directorate (i.e. who, what, where, and when). Logs should include a description of the issue, history of actions taken, and status of the problem on closure;
- Breaches of security, where serious Staff or student misconduct is suspected, will be reported to the Registrar and Administration Vice President for decision making or taking any further action.