1. Governing Regulations
This procedure is governed by System Regulation 29.01.03 Information Security, Administrative Procedure 01.04 Fraud Prevention Program, Administrative Procedure 30.02 Equipment Management, Administrative Procedure 50.03 General Computing, Administrative Procedure 50.06 Response Plan for Cybersecurity Incidents, and Texas Administrative Code (TAC), Title 1, Part 10, Chapter 202, Information Security Standards.
2. General
Computer security incidents include, but are not limited to, the following:
2.1 malicious code detection (other than virus, spyware, malware),
2.2 unauthorized use of user accounts and computer systems,
2.3 theft of computer equipment or electronic information,
2.4 disruption or denial of service that cause substantial loss of time or money to the agency,
2.5 any unlawful activity with the use of Internet, intranet and email,
2.6 any fraudulent activity involving information resources,
2.7 misuse of privileges,
2.8 unauthorized acquisition, loss or theft of personally identifiable information,
2.9 any activity that violates Administrative Procedure 50.03 General Computing,
2.10 ransomware or encryption attacks.
3. Purpose
3.1 This procedure describes and establishes the requirement for dealing with computer security incidents.
3.2 This procedure applies to all designated departments and individuals with authorized access to agency information resources.
4. Reporting Computer Security Incidents
The following reporting procedures shall be followed whenever a computer security incident is suspected.
4.1 Incidents involving fraud, waste or abuse of information resources will be reported in accordance with Administrative Procedure 01.04 Fraud Prevention Program.
4.2 Incidents of any unlawful activity will be reported to the Deputy Director, Associate Director for Finance, and Chief Administrative Officer.
4.3 Incidents of computer theft will be handled in accordance with the Missing, Stolen or Vandalized Equipment section of Administrative Procedure 30.02 Equipment Management. In addition, the Information Resources (IR) Department must be notified of a computer theft within one business day.
4.4 Incidents involving personally identifiable information or ransomware attacks will be reported to the IR Department in accordance with Administrative Procedure 50.06 Response Plan for Cybersecurity Incidents.
4.5 All other incidents shall be reported to the IR Department, which will ensure that the incidents are reported in accordance with System requirements.