Incident, Prevention, Response, and Notification Standard

Medium

Purpose

To communicate any vulnerabilities or incidents to the necessary individuals.

Standard

  1. ITD shall designate an individual to coordinate the incident prevention/response/notification process.
  2. The ITD coordinator shall communicate any incidents or vulnerabilities they become aware of to agency contacts.
  3. Each state agency (or customer of ND IT) shall designate an agency contact.
  4. The agency contact shall communicate any incidents or vulnerabilities they become aware of to appropriate agency personnel.
  5. The agency contact shall, in a timely manner, correct any vulnerabilities or incidents they become aware of and report such activities.

Definition

Contact - This individual is expected to be filling the IT Security Officer role for the agency.

Policy

To provide a coordinated enterprise communication process to address incident prevention/response/notification.

Scope

This standard applies to all executive branch state agencies including the University Systems Office but excluding other higher education institutions, i.e. campuses and agricultural and research centers.

Statement of Commitment

North Dakota's CIO/CTO directs that IT Policy be created to establish statewide information technology policies and standards as defined within ND Century Code (Chapter 54-59-09).

Non-Compliance

Non-compliance with this standard shall be reported to the Office of the State Auditor.


Revision Number: 1
Revision Date: 2004-05-11
Effective Date: 2004-05-11
Last Reviewed: 2019-12-03
Number: POL0020122