IR-9 Information Spillage Response
Initial Implementation: 10/1/2022
Last Review: 12/12/2024
Last Review: 12/12/2024
Statement
West Texas A&M University will develop an information spillage response plan that describes the requirements for dealing with computer security incidents involving the movement of confidential or sensitive data to system that is not authorized to contain this data.
Applicability
This Control applies to all West Texas A&M network information resources. The intended audience for this Control includes all information resource owners, custodians, and users of information resources.
Implementation
The Information Spillage Response Plan shall include:
- Assignment of the ISO responsibilities for responding to information spills
- Identification of specific information involved in contamination
- Alerting of TAMUS Security Operations Center and DIR of information spill, using a method of communication not associated with the spill
- Isolating the contaminated system or component
- Eradicating the spilled information from the contaminated system or component
- Identification of other systems or components that may also be contaminated
- Perform any additional actions deemed necessary during investigation/cleanup
The plan shall be considered confidential and protected from disclosure or unauthorized modification.