Information Technology Services
Information Technology Services

Cybersecurity Incident Response Plan (CIRP)

Cybersecurity threats against universities are a reality and are on the rise. It is understood and accepted that not all cyber incidents can be prevented, even with a robust cybersecurity program in place. It is incumbent upon Queen’s University leadership to ensure plans are in place to react appropriately following the occurrence of a cybersecurity incident. 

The university’s IT units, under the direction of the Chief Information Officer (CIO), have developed a Cybersecurity Incident Response Plan (CIRP) to address all aspects of responding to a cybersecurity incident. The CIRP: 

  • describes the process Queen’s University follows to prepare for and respond to a cybersecurity event; 
  • defines the roles, responsibilities, authorities, and tasks associated with each phase of a cybersecurity incident to ensure a coordinated and effective response; 
  • is executed in response to any cybersecurity incident affecting any information technology infrastructure, information system, application or data under the stewardship of Queen’s University; and 
  • is intended for reference by all stakeholders identified as having a role in cybersecurity incident response. 

The cybersecurity incident response initiation, management, and closure will be conducted using the ServiceNow Security Incident Response (SIR) module. This process provides: 

  • Increased visibility and awareness: By offering a common University-wide platform (ServiceNow) provides a central location to capture, manage, and coordinate cybersecurity incidents across Queen’s University. 
  • Improved response to incidents: By developing standardized and actionable steps to contain an incident and appropriately escalate and delegate incident response actions, cybersecurity responders can focus on the response tasks. 
  • Enhanced communication: A communication plan and templates provide the guidance on notifying the appropriate internal and external stakeholders in the event of a security incident. 

Getting Started 

The CIRP with associated documentation, as well as step-by-step instructions for ServiceNow, are available using the table below (note that you will be required to authenticate with your NetID and password for CIRP related documentation): 

Documentation Contents
Cybersecurity Incident Response 
  • Cybersecurity Incident Response Plan (CIRP) 
  • CIRP Appendixes and Annexes 
  • Detailed Incident Playbooks 
ServiceNow Training 

Security Incident Response (SIR) module: 

  • Training Presentation 
  • Training Video 
  • Standard Operating Procedure (SOP) 

IT Service Management (ITSM) module for security incidents: 

  • Training Presentation 
  • Training Video 
  • Standard Operating Procedure (SOP) 

To access ServiceNow, you will need a Queen’s NetID. Credentialed security responders can access the Security Incident Response (SIR) module by requesting access per the contacts below. 

Help & Support 

Please contact the appropriate support area: