Incident Management Policy

 

INFORMATION TECHNOLOGY

 

Introduction

The number of computer security incidents and the resulting cost of business disruption and service restoration continue to escalate. Implementing solid security policies, blocking unnecessary access to networks and computers, improving user security awareness, and early detection and mitigation of security incidents are some of the actions that can be taken to reduce the risk and drive down the cost of security incidents.

Purpose

This document describes the requirements for dealing with computer security incidents. Security incidents include, but are not limited to: virus, worm, and Trojan horse detection, unauthorized use of computer accounts and computer systems, as well as complaints of improper use of Information Resources as outlined in the Email Policy, the Internet Policy, and the Acceptable Use Policy.

Audience

The City Of El Paso Incident Management Policy applies equally to all individuals who use any of The City Of El Paso Information Resources.

Incident Management Practice Standard

  • The City Of El Paso CIRT members have pre-defined roles and responsibilities which can take priority over normal duties.
  • Whenever a security incident, such as a virus, worm, hoax email, discovery of hacking tools, altered data, etc., is suspected or confirmed, the appropriate Incident Management procedures will be followed.
  • The ISO is responsible for notifying the ITD and the CIRT and initiating the appropriate incident management action including restoration as defined in the Incident Management Procedures.
  • The ISO is responsible for determining the physical and electronic evidence to be gathered as part of the Incident Investigation.
  • The appropriate technical resources from the CIRT are responsible for monitoring that any damage from a security incident is repaired or mitigated and that the vulnerability is eliminated or minimized where possible.
  • The ISO, working with the ITD, will determine if a widespread The City Of El Paso communication is required, the content of the communication, and how best to distribute the communication.
  • The appropriate technical resources from the CIRT are responsible for communicating new issues or vulnerabilities to the system vendor and working with the vendor to eliminate or mitigate the vulnerability.
  • The ISO is responsible for initiating, completing, and documenting the incident investigation with assistance from the CIRT.
  • The City Of El Paso ISO is responsible for reporting the incident to:
    • The ITD
    • Local, state or federal law officials if required by applicable statutes and/or regulations
  • The ISO is responsible for coordinating communications with outside organizations and law enforcement.
  • In the case where law enforcement is not involved, the ISO will recommend disciplinary actions, if appropriate, to the ITD.
  • In the case where law enforcement is involved, the ISO will act as the liaison between law enforcement and The City Of El Paso.

Disciplinary Actions

Violation of this policy may result in disciplinary action, which may include termination for employees and temporaries; a termination of employment relations in the case of contractors or consultants; dismissal for interns and volunteers; or suspension or expulsion in the case of a student. Additionally, individuals are subject to loss of The City Of El Paso Information Resources access privileges and to civil and criminal prosecution.

© 2008 City of El Paso