The purpose of this policy is to provide the basis of appropriate reporting of incidents that threaten the confidentiality, integrity, and availability of university information assets, information systems, and the networks that deliver the information. This policy underlies the establishment and ongoing deployment of trained computer security incident response teams, formed with the purpose of managing security incidents at Northeastern State University (NSU). This effort is being taken to improve the response time for resolving incidents, provide consistent response, and improve incident reporting.
The department of Computing and Telecommunications (C&T) supports and protects open access to pursue all academic endeavors and to share information. Access to information systems and the network supports the academic community by providing an interchange of information using a variety of media. NSU’s network has become a mission critical resource and should be used properly. In order to better protect campus users, critical resources, and sensitive data, all incidents should be reported and investigated.
Users of computer devices that are connected to the NSU network must report all computer security incidents promptly to the C&T. Reported incidents will be classified and handled according to the procedures set forth in the NSU’s Incident Response Plan.
In order to properly classify and investigate an incident, any records or data that are related to an incident and are under the authority of, or coming in the custody, control or possession of the university, must be made available to the Director of C&T or designee upon request.
To ensure the integrity of the network during an incident, it may be necessary to disconnect a host, a group of hosts, or a network that is disrupting services to others. This includes hosts that are used by unauthorized parties to attack other systems on the NSU Network.
<back to University Policies