Incident Management
This section describes the process used to report events which have the potential to negatively impact the confidentiality, integrity, or availability of Cal Maritime's information assets.
The incident response cycle begins when a suspicious event is observed. Individuals in functional campus areas must either contact the IT Help Desk at helpdesk@csum.edu or contact the Information Security Officer directly. Depending on the nature of an incident (e.g. burglary, robbery) the end user may send an email to policedepartment@csum.edu and include any details regarding the asset was lost, the type of data lost (sensitive data or not), serial number, asset tag, time and location of the item that was lost.
Information security incidents are considered high priority and take precedence over normal Cal Maritime business operations. Managers who supervise functional campus areas must be prepared to manage work priorities, applying their judgment to the scope and impact of an incident in accordance with direction provided by the Information Security Officer.
The Incident Response Roles and Responsibilities document (Word) outlines the duties of the Cal Maritime community regarding the handling of information security incidents.
In cases where confidential (e.g. Level 1 or Level 2) data may be involved, the initial IT point of contact in the corresponding functional campus area must complete an Incident Response Form (Word) and escalate the issue to the IT Security Team in accordance with the instructions on the Incident Response Form. Isolated, low impact, events that do not put confidential data at risk generally can be handled without using this form.