 
 
DEPARTMENTAL HANDBOOK
Handbook OCIO-14
Page 1 of 43 (06/26/2007)
Distribution: All Department of Education Employees
Approved by: ______/s/________________________ Michell Clar, Assistant Secretary for Management
Handbook for Information Security Incident Response and Reporting Procedures
For technical questions concerning information found in this ACS document, please contact Eric Eskelsen at Eric.Eskelsen@ed.gov or on (202) 245-6530. Supersedes OCIO-14, Information Security Incident Handling Procedures, dated 5/13/2005.
 
ADMINISTRATIVE COMMUNICATIONS SYSTEM
U.S. DEPARTMENT OF EDUCATION
 
Information Security Incident Response and Reporting Procedures
DRAFT, July 14, 2004
Department of Education
INFORMATION TECHNOLOGY SECURITY PROGRAM
OFFICE OF THE CHIEF INFORMATION OFFICER
FOR OFFICIAL USE ONLY
U.S. Department of Education
Office of the Chief Information Officer 
Handbook for Information Security Incident Response and Reporting Procedures
Information Assurance Program
 
 
Handbook for Information Security Incident Response and Reporting Procedures
 
06/26/2007
TABLE OF CONTENTS
Department of Education ..... ii
Information Technology Security Program ..... ii
Office of the Chief Information Officer ..... ii
Information Security Incident Response and Reporting Procedures ..... ii
U.S. Department of Education ..... ii
Office of the Chief Information Officer ..... ii
Information Assurance Program ..... ii
1 Introduction ..... 3
  Purpose ..... 3
  Background ..... 3
  Scope ..... 3
  Document Structure ..... 3
2 Incident Response Procedures ..... 4
  Definition ..... 4
  Office of Inspector General ..... 5
  System User Response Activities ..... 6
    2.1.1 Preparation ..... 6
    2.1.2 Detection/Identification ..... 6
    2.1.3 Containment ..... 7
    2.1.4 Eradication ..... 8
    2.1.5 Recovery ..... 9
    2.1.6 Lessons Learned ..... 9
  System Support Personnel Response Activities ..... 9
    2.1.7 Preparation ..... 9
    2.1.8 Identification ..... 10
    2.1.9 Containment ..... 10
    2.1.10 Eradication ..... 11
    2.1.11 Recovery ..... 11
    2.1.12 Follow-Up ..... 11
3 Reporting Procedures ..... 12
  EDCIRC Incident and Event Reporting Process ..... 13
    3.1.1 Incident Reporting ..... 13
    3.1.2 Major System or Network Vulnerability Reporting ..... 16
    3.1.3 Network Analysis Reports ..... 16
    3.1.4 Weekly Summary Reports ..... 16
    3.1.5 Biweekly Summary Reports ..... 17
  OCIO Reporting Requirements ..... 17
    3.1.6 Reporting to Internal Entities ..... 17
    3.1.7 Reporting to External Entities ..... 17
4 Incident Response and Reporting Roles and Responsibilities ..... 18
  Employees and Other System Users ..... 18
  System Administrators and Network Security Officers ..... 18
  EDNET ..... 18
    4.1.1 Incident Handler ..... 19
    4.1.2 Incident Coordinator ..... 19
    4.1.3 System Security Officer ..... 19