Information Security Incident Response Team (ISIRT) Policy

Revision Date:2009-07-27

Revision Number:1.2

Policy Information:


1.0      Revision History


Northern Arizona University 

Information Security Incident Response Team (ISIRT) Policy 

Document No. 

NAU – 710 

Effective Date 


Revision Date 


Revision No. 

Rev 1.2 

Producer:  Information Technology Services,  

Harper P. Johnson, Director of Information Security 

2.0          Purpose

The Information Security Incident Response Team (ISIRT) is the specially-formed group of individuals responsible for investigating Information Security Incidents at the University.  

This policy provides the Director of Information Security, who oversees the ISIRT, with the authority to develop guidelines and requirements to meet the information security needs of users and to safeguard the University's data, information, and information systems. Support from all areas of the University is vital to the ISIRT's success. 

The following policy advises those using University information resources regarding the appropriate mechanism for reporting of information security related incidents and the steps that will be taken in response to an incident. 


3.0          Definitions

3.1          Information Security Incidents – any event involving University data, information, or information systems which: 

·       violates local, state or U.S. federal law, or 

·       violates regulatory requirements which the University is obligated to honor, or 

·       violates an ABOR or University policy, or 

·       is determined to be harmful to the security and privacy of University data, information, or information resources  

·       constitutes harassment under applicable law or University policy 

·       involves the unexpected disruption of University services. 

3.2          University Administrators:University Administrators for the purposes of this policy are those individuals responsible for campus organizational units (e.g., deans, department chairs, principal investigators, directors, or managers) or individuals having functional ownership of data, information, or information systems. 

3.3          Information – Data elements, whether in part or combined, that are of value to the University, such as student or employee records, intellectual property, research data, or other information. 

3.4          Information Systems – All computer and network systems owned by and/or administered by the University. This includes all computing platforms of all sizes from personal digital assistants (PDAs) to mainframe computers, all peripheral devices and media, and all data contained on those systems.  


4.0          Applicability

4.1          This Policy applies to all Northern Arizona University faculty, staff, students, and University Affiliates. 

4.2      This Policy applies to data and information in any tangible form whether it is written, filmed, typed, recorded electronically or printed, and to all University information resources. 


5.0          Policy

Individuals described in paragraph 4.1 must immediately report suspected Information Security Incidents to the ISIRT. Reporting may be done through the individual’s departmental reporting structure, directly by contacting the ITS Solution Center during business hours, or by completing the on-line Incident Handling and Analysis Form, available at 

 If an Information Security Incident has occurred on a University computing resource and the damage suspected could involve a compromise of confidential or sensitive information, then no action should be taken on the computer other than to disconnect it from the campus network by removing the network cable or turning off the wireless device. Once reported, ISIRT team members will assist in determining the cause of the incident and assessing damage before the computer is returned to service. 


6.0          Roles & Responsibilities

6.1          President of the University: The President supports and authorizes this policy for University wide implementation. 

6.2          University Administrators: University Administrators are responsible to ensure that this Policy is complied with in their organizational units. 

6.3          Director of Information Security: The Director of Information Security is responsible for developing and implementing procedures and guidelines necessary to implement this Policy and for leading the ISIRT. 

6.4          Information Security Incident Response Team:  

Information Security Incidentswill be reported to and responded to by the ISIRT. The ISIRT will be comprised of individuals with the necessary technical knowledge and skills to identify, assess, respond to and communicate the effects of Information Security Incidents. ISIRT members will be designated by the Director of Information Security, who is authorized under  this Policy to act in the best interest of the University to secure university data, information, and information systems that are threatened and to mitigate the threat.  


7.0          Compliance

Persons who are subject to this Policy may also be subject to the provisions of applicable NAU Personnel Policies, the student employment handbook, and Arizona Board of Regents policies, including provisions for discipline for violation of this Policy, as well as applicable legal sanctions. 


8.0          References

State of Arizona – Government Information Technology Agency – Incident Response and Reporting Standard S855: 

Arizona Board of Regents:  Information Security Policy: 

 Arizona Board of Regents: Information Security Guidelines: 

NAU Information Security Policy:  


Policy Documents: