Skip to main content

IR-9 Information Spillage Response

Description

Identifies roles and responsibilities for responding to information spills.

Applicability

  • This Control applies to the university Chief Information Security Officer and Information Resource Owner.

Implementation

  • 1 - Information Resource Owners are responsible for responding to information spills by:

    • 1.1 - Identifying the specific information involved in the system contamination.
    • 1.2 - Alerting the CISO of the information spill according to reporting guidelines described in IR-6, and using a method of communication not associated with the spill.

  • 2 - The Office of the CISO is responsible to respond to the report of information spillage by:

    • 2.1 - Isolating the contaminated system or system component.
    • 2.2 - Eradicating the information from the contaminated system or component.
    • 2.3 - Identifying other systems or system components that may have been subsequently contaminated.