Cybersecurity Incident Detect and Respond Policy

We imagine nameless, faceless attackers or hackers as the perpetrators of cybersecurity incidents. While this is often the case, sometimes an incident is simply the result of a misconfiguration or an accidental breach. The Cybersecurity Incident Detect and Respond Policy supports the university's mission, vision, and values, as well as its legal, ethical, and contractual obligations, by establishing accountability for detecting, responding to, and reducing the impact of cybersecurity incidents that affect the confidentiality, integrity, and availability of university digital information and assets.

A summary of this policy can be found below. The full policy is available on the University Secretariat website.

What is a Cybersecurity Incident? 

A cybersecurity incident is any event on a digital asset that has a detrimental impact, or has the potential to cause a detrimental impact, to university operations, reputation, legal obligations, strategic objectives, or to the community by impacting the confidentiality, integrity, or availability of digital information and information systems. Cybersecurity incidents usually involve attempted or actual unauthorized access to information or unauthorized use of systems, and encompass a wide range of scenarios, from deliberate to accidental.

The Digital Information Security Policy outlines how the university will respond to cybersecurity incidents.  The Policy aims to ensure that the University will detect, contain, eradicate, recover, and learn from cybersecurity incidents in a timely and effective manner, and to minimize the impact to university operations, reputation, legal obligations, strategic objectives, and to the community. The Policy authorizes the CIO to implement containment measures when an incident is detected.  

Who is involved in incident detection and response? 

Incident detection involves monitoring digital assets and networks for threats and vulnerabilities. Risk Owners, Risk Assessors, Digital Service Managers, and Digital Custodians are the first line of defense in the cybersecurity incident detect and respond process, and they are primarily responsible for monitoring the digital assets in their area of responsibility. 

Incident response includes investigation and implementation of containment measures to mitigate impact on affected assets and prevent further damage. Measures may involve restricting network access, disabling credentials, or preventing communication until assets are recovered. The Policy authorizes the University to monitor digital assets for cybersecurity incidents, and delegates that authority to the Security Operations Centre through the CIO.

The Policy also authorizes the CIO to create an incident response plan, and to lead that plan when necessary.  The Cybersecurity Incident Response Plan details specific procedures for responding to incidents, and the people required for a thorough response. These may include members of the Senior Leadership Team and participants from our Privacy, Legal, and Risk teams, and other subject matter experts as necessary.