December 1, 2010
December 1, 2010
INFORMATION MANAGEMENT, PRIVACY AND SECURITY
Data Incident Response
Office Of The CTO
REVIEWED: JUNE 2021 BY CTO GOVERNANCE
Purpose and Overview
Information Security manages and maintains the Data Breach Response Management Process for incidents and events involving loss of data that includes sensitive and protected information such as social security numbers, credit card numbers, or any data classified as internal use, confidential, or restricted use. For a complete listing of data classified as sensitive, please see the: Data Classification Guide
Security is everyone’s responsibility. If you see anything that suggests we may have a cybersecurity incident or data breach, contact the Office of the CTO.
- If you suspect a data breach, DO NOT power off, log in to, continue to use, or alter any system unless directed to do so by the Incident Response Team (IRT)
Importance and Key Features
Having an approved, documented procedure is crucial for handling potential data loss incidents properly. In the unfortunate event where such information may have been accessed by unauthorized individuals, there are regulatory requirements to which the company must adhere.
- IRT (QAI Information Security Incident Response Team) – Coordinates the technical response to cybersecurity incidents at the company
- ISO (Information Security Officer) – Initiates the Data Breach Response Management Plan, acts as the central communication point and coordinator for breach response, and coordinates with senior management. This role is generally filled by the Executive Director of Information Security, but may be filled by another designee if appropriate
- The First Responder Checklist – Provides guidance to the first people to observe indicators that a security issue may be occurring
What to Expect
This service is available 24 hours a day, 7 days a week.
Incidents are triaged according to the severity of the incident. Some factors that contribute to severity are:
- Safety concerns for people and buildings
- Loss or exposure of personal or institutional data
- Violation of laws and contracts
- Interruption of service to a community
- The size of the affected community
Reporting a Sensitive Data Incident
You may contact us one of two ways:
- Via the web: Report an Incident
- Call our 24 hour hotline at 650-422-9011
Please be aware that QTIS has few computer systems operating on its network at any time. In order to process your complaint we need as much detail as possible. At a minimum, we need you to provide us with:
- Your contact information, email and/or phone number so we can follow up if we need more information
- The hostname, IP address, or MAC (hardware) address of the system involved in the incident
- The time the incident occurred, including your timezone.
When reporting an incident online or through the hotline, please be sure to leave names and phone numbers of people who we can contact to obtain access to the system.
PLEASE NOTE: We do not handle the physical theft of computing resources. Theft of personal computer equipment stolen from any location should be reported to the Office of the CTO. Owners of laptops are encourage to register their laptops in advance through the Police Department’s organizations.