IR-8 Incident Response Plan
Description
It is important that organizations develop and implement a coordinated approach to incident response. Organizational missions, business functions, strategies, goals, and objectives for incident response help to determine the structure of incident response capabilities.
As part of a comprehensive incident response capability, organizations consider the coordination and sharing of information with external organizations, including, for example, external service providers and organizations involved in the supply chain for organizational information systems.
Applicability
This Control applies to all TAMU-CC employees, students, information resource users, administrators, and owners, or designees. This Control also applies to all TAMU-CC assets as part of all colleges and departments whether academic or non-academic.
The applicability of this Control is not limited to person(s) or assets residing permanently or temporarily in any one state. This Control addresses, in part or whole, controls and control sets in regard to information security monitoring, detection, and response across all federal, state, TAMU System (TAMUS), and University regulations.
Implementation
TAMU-CC has an incident management policy that describes the requirements for dealing with computer security incidents, including prevention, detection, response, remediation, and reporting:
- Develops an incident response plan that:
  - Provides the organization with a roadmap for implementing its incident response capability;
  - Describes the structure and organization of the incident response capability;
  - Provides a high-level approach for how the incident response capability fits into the overall organization;
  - Meets the unique requirements of the organization, which relate to mission, size, structure, and functions;
  - Defines reportable incidents;
  - Provides metrics for measuring the incident response capability within the organization;
  - Defines the resources and management support needed to effectively maintain and mature an incident response capability; and
  - Is reviewed and approved by the Chief Information Security and Privacy Officer (CISPO);
- Distributes copies of the incident response plan to the incident response team;
- Reviews the incident response plan annually;
- Updates the incident response plan to address system/organizational changes or problems encountered during plan implementation, execution, or testing;
- Communicates incident response plan changes to the incident response team; and
- Protects the incident response plan from unauthorized disclosure and modification.
Revision History
Last Updated: February 21, 2025
Previous Versions:
- June 29, 2023
- May 31, 2022
- March 25, 2021
- September 16, 2019