Skip to content
  • Bucks for Students
    Enroll + Register
    • Academics
    • Admissions Information
    • Register for Courses
    • Placement Testing
    • Academic Advising
    • Majors + Certificates
    • College Catalog
    • Bucks Online
    • Honors at Bucks
    • Academic Departments
    • Student Forms

    Apply Now

    Planning + Payment
    • Financial Aid
    • Scholarships
    • Work Study Employment
    • Payment Options
    • Your Account
    • Tuition + Fees
    Transfer + Graduate
        • Transfer Information
        • Planning Your Transfer
        • Transfer by Institution
        • Transfer by Major
        • Graduation
        • Order a Transcript
        • Career Services
        • Digital Badges

    Life at Bucks
    • Student Affairs Office
    • First Year Experience
    • Student Life
    • Athletics
    • College Events
    • Fitness + Wellness
    • Art + Entertainment
    • Alumni
    • Parents + Families
    • Bucks+

    Basic Needs

    • Accessibility Resources
    • Campus Services
    • Directory
    • Canvas
    • Bucks Email
    • Change Password
    • Pay Tuition
    • Student Planning
    • MyBucks
     
  • Bucks for Community

    Classes + Activities

    Icon of a pencil and brush
    Personal Enrichment
    • Art + Photography
    • Community+ Membership
    • Culinary Classes
    • Business Development
    • Health + Wellness
    • History + Special Interest
    • Home School
    • Foreign Language
    • Music
    • Test Prep
    • Browse All Courses
    Icon of a sun
    Kids on Campus Programs
    • Camps for Ages 5-6
    • Camps for Ages 7-9
    • Camps for Ages 10-12
    • Teen Experiences for Ages 13-17
    • Camp Information
    • Camp Scholarships
    • Preschool Summer Program
    • Register for Camp

    Events

    Event Programs
    • Art + Entertainment
    • Book Discussions
    • Concerts
    • Foundation Events
    • Poetry + Prose
    • Movie Monday
    • Trips + Travel 
    • Event Tickets

    Buy Tickets

    Event Venues

     
  • Bucks for Career
    Briefcase
    Career Development
    • Archaeology
    • Aviation
    • Child Development Associate
    • Commercial Driver's License (CDL)
    • Educators (Act 48)
    • Floral Design
    • Locomotive Engineer
    • Nonprofit Management Series
    • Online Learning
    • Professional Development
    • School-Age Professional Credential
    • More
    Fire extinguisher
    Fire + Public Safety
    • Public Safety Training + Certificate Course Schedule
    • Fire Training Weekends
    • Industrial Safety Training (OSHA)
    • Virtual Public Safety Training
    • Other Training + Resources
    • Training Facilities
    • More
    Heart with line
    Healthcare
    • CPR + First Aid Training
    • Dental Assistant
    • Nurse Aide
    • Nursing Review & Reentry
    • Pharmacy Technician
    • Physical Therapy Aide
    • Practical Nursing
    • More
    Tools crossed
    Industrial + Manufacturing
    • Building & Construction Trades Pre-Apprenticeship
    • Metalwork Pre-Apprenticeship Training
    • Industrial Maintenance Pre-Apprenticeship
    • Locomotive Engineer + Conductor
    • Welding Training
    • Workforce Development
    • More
    Man fixing server
    Information Technology
    • Certification Testing
    • Cyber Security
    • Database Development
    • Desktop Support (CompTIA)
    • Computer-Aided Design
    • Microsoft Office Software
    • Server Administration
    • Full Stack Web Developer
    • More
     
  • Library
  • Calendar + News
  • Diversity
  • Contact
Bucks County Community College

Policies + Procedures

sunny day outside of gateway center on newtown campus
  Policies + Procedures  —  Information Technology  —  Incident Response

5.6 Incident Response

I. Purpose

II. Scope

The primary purpose of this policy is to establish the baseline approach and appropriate response to any Information Technology (IT) Security Incidents that may threaten the confidentiality, integrity, and availability of college Information Technology Resources. The secondary purpose of the policy is to establish the responsibility and accountability for all steps in the process of addressing and remediating any IT Security Incident.

III. General

Definitions

Information Technology Resource(s) – includes but is not limited to the following: computer and networking equipment, workstations, laptops, software, operating systems, storage devices and media, network accounts, email services and email accounts, Internet browsing and related services, voice mail, applications, scanning and fax systems, tablets, and smartphones.

Systems – same as Information Technology Resources.

User – faculty member, staff member, employee, agent, authorized representative, or student that has access to college Information Technology Resources.

Institutional Data - all data that is necessary to the management and operation of the college that exists in electronic, digital, printed, or other forms. This information is an asset of the college, is owned by the college, and is intended to be used solely for the operation of the college in carrying out its mission.

Identity Theft - fraud committed or attempted using the identifying information of another person without authority.

Personally Identifiable Information (PII) – any information about an individual including but not limited to education, financial transactions, medical history, criminal or employment history, and information which can be used to distinguish or trace an individual’s identity such as their first and last name, social security number, email address, date and place of birth, mother’s maiden name, biometric records, etc. including any other personal information which is linked or linkable to an individual. PII Data is classified as restricted data by the college.

IT Security Incident - the successful unauthorized access, use, disclosure, modification or destruction of data or interference with system operations in an information technology resource. Included in the definition is the loss of data through theft or device misplacement, loss or misplacement of hardcopy documents or the compromise of physical security.

IT Reportable Incident - the unauthorized acquisition, access, use, or disclosure of unencrypted PII or other data that is classified by the college as restricted in a manner not suitable for public release, or permitted under existing law or college policy.

Table Top Exercise – an exercise in which realistic scenarios are presented in a low-stress environment where plans are developed for responding to an unfolding situation.

General Policy Statements

This policy outlines the guidelines to be followed for the protection of college Information Technology Resources, the applicable laws to which the college adheres in the event that an IT Reportable Incident occurs and the responsibilities of each member of the Incident Response Team.

In order to facilitate the accurate and productive response to IT Incidents, all IT Incidents will be classified for severity when initially reported. As an IT Incident progresses, its classification may be reevaluated and changed as necessary to ensure proper handling and remediation.

Unsolicited PII from a student or parent transmitted through an unsecured manner is not considered an IT Reportable Incident.

Required Policy Actions

All Users are required to report immediately to the college Information Technology Security Officer any suspected or actual IT Security Incident. This includes:

  • any unauthorized access to college Information Technology Resources, or,
  • any attempt to compromise, alter, negatively impact, or destroy college Institutional Data or
    Information Technology Resources, or,
  • any unauthorized interception, monitoring or disabling of electronic communications, or,
  • any suspected or actual weaknesses in the existing safeguards protecting the college Information Technology Resources or Institutional Data.

Any User who becomes aware of an Information Security Incident should disconnect the compromised system and equipment from the college network or can contact the ITS Help Desk to have it disconnected or communications disabled. The compromised system cannot be reconnected to the college computing infrastructure until such time that the Incident Response Team has concluded its investigation and authorizes the activity.

The Incident Response Team:

  • is responsible for investigating suspected or actual IT Security Incidents or IT Reportable Incidents in a timely, cost-effective manner, and documenting and reporting the findings to college leadership.
  • will invoke the process and procedures as defined in the IT Incident Response Procedures when an IT Security Incident or IT Reportable Incident is reported.
  • Is authorized to take any appropriate steps deemed necessary to contain, mitigate or resolve any suspected IT Security Incident or IT Reportable Incident is reported.
  • will conduct periodic table top exercises and the results of the exercises will be documented.

Any device not owned and/or authorized by the college which is using the college Information Technology Resources and is found to be the target, source or participant to an IT Incident may be subject to immediate suspension of services without notice until the threat has been remediated or the device in no longer deemed a threat.

During the course of the investigation of an IT Incident if it is determined that unencrypted PII or restricted data may have been compromised or leaked or that unauthorized access was obtained to any college Information Technology Resources, law enforcement officials and regulatory authorities will be notified.

Regulatory Notifications and Internal Reporting Requirements

The required regulatory and legal requirements will be adhered to for any IT Reportable Incident. The reporting requirements are detailed in the Information Technology Incident Response Procedures.

The Incident Response Team will invoke the internal escalated paths as defined in the Information Technology Incident Response Procedures.

Incident Response Team Responsibility Matrix

Team MemberRole
IT Security Officer
  • Primary contact for all IT Security Incidents and responsible for invoking IT Incident Response Procedures.
  • Prioritizes actions during the detection, analysis, containment, and documentation of an incident.
  • Logs and track the progress of the incident until fully resolved
Director – Systems
  • Works with the appropriate parties to determine the extent of the potential breach, identify data stored and compromised on all systems, and the number of individuals type of personal information at risk.
  • Reviews event logs for correlating evidence of unauthorized access.
  • Preserves all audit logs, forensic evidence, and chain of custody for law enforcement and potential investigations
Director – Network and Infrastructure Services
  • Analyzes network traffic for signs of denial of service, distributed denial of service, or other external attacks.
  • Implements appropriate counter measures to block network access and penetration from suspected intruder.
  • Contacts Internet Service Provider’s (ISP) for any required assistance.
  • Reviews event logs for correlating evidence of unauthorized access.
  • Preserves all audit logs, forensic evidence, and chain of custody
    for law enforcement and potential investigations
Registrar
  • Primary contact for any incident that may negatively impact the confidentiality, integrity, and availability of student data.
Provost
  • Determines if any disciplinary action needs to occur if the root cause of an IT Security Incident was directly attributable to the actions of a student or faculty member.
Director – Financial Aid
  • Primary contact for any incident that may negatively impact the confidentiality, integrity, and availability of student financial aid data.
Executive Director – Human Resources
  • Primary contact for any incident that may negatively impact the confidentiality, integrity, and availability of faculty and staff data.
  • Determines if any disciplinary action needs to occur if the root cause of any incident was directly attributable to the actions of a staff member.
Executive Director – Marketing and Public Relations
  • Primary contact for any communication and interaction with the students, alumni, public, and all media outlets.
Controller
  • Primary contact for any incident that may negatively impact the confidentiality, integrity, and availability of the college’s financial data and/or systems.
Executive Director – Security and Safety
  • Primary contact for communication and escalation path with local and federal law enforcement officials.

Risk Classification Matrix

LevelClassification (derived from FIPS 199 Standard)CharacteristicsIncident Response Team Activation
Critical The unauthorized disclosure, modification, destruction, or access to information could be expected to have a severe or catastrophic adverse effect on operations, assets, or individuals.
  • Any unexpected or unauthorized change, disclosure or interruption to information assets that could be damaging to the campus community or the college’s reputation
  • The event creates an adverse impact to the delivery of core enterprise systems, service delivery, or operations.
  • Confirmed unauthorized access to mission critical systems or applications.
  • Confirmed unauthorized access, loss, alteration, or destruction of unencrypted restricted data.
  • Significant financial risk, legal liability, and negative impact to the college’s reputation is highly probable.
Immediate
High The unauthorized disclosure, modification, destruction, or access to information could be expected to have a serious or adverse effect on operations, assets, or individuals.
  • A successful attack that is difficult to control or counteract because no countermeasures, resolution procedures or bypass exist.
  • A confirmed and successful IT Security Incident has occurred.
  • The leakage of unencrypted restricted data from the environment has not occurred but is possible without containment.
  • Accounts have been compromised with elevated privileges to enterprise resources, ERP or LMS systems, or restricted data.
  • Significant financial risk, legal liability, and negative impact to the college’s reputation is possible.
Immediate
Medium The unauthorized disclosure, modification, destruction, or access to information could be expected to have limited adverse effect on operations, assets, or individuals.
  • The threat impact is limited in scope, easy to control and counteract.
  • Compromise of an account with no elevated privileges.
  • Compromise of a device due to malware infection.
  • Intrusion attempt is attempted and alerts generated.
  • Financial risk, legal liability, and negative impact to
    the college’s reputation is highly unlikely.
None
Low Occurrences of minor focus that are deemed inconsequential with no negative effect on system operations.
  • There is no impact or negative impact on operations.
  • Penetration or denial of service attacks attempted with no impact.
  • Solutions or countermeasures are readily available to resolve the event.
  • Malware is detected on a system but is quarantined.
None

IV. Procedures

none

V. Approval

none

VI. Responsibility

IT Security Officer & Vice President, Technology & CTO

  • Responsible Use of Electronic Resources
  • Use of Information Network Services
  • Institutional Data Security & Protection Policy
  • Anti-Virus
  • Clean Desk Policy
  • Incident Response
  • Encryption
  • Email Whitelisting and Quarantine Access Policy

Open Records Officer

Office of the President
215-968-8220 openrecords@bucks.edu Newtown

Fax: 215-698-8129

Contact the PA Office of Open Records
openrecords.pa.gov
717-346-9903

Open Records Officer

Office of the President
215-968-8220 openrecords@bucks.edu Newtown

Fax: 215-698-8129

Contact the PA Office of Open Records
openrecords.pa.gov
717-346-9903

circle logo
Newtown | 215-968-8000
275 Swamp Road, Newtown, PA 18940
Bristol | 267-685-4800
1304 Veterans Highway Bristol, PA 19007
Perkasie | 215-258-7700
One Hillendale Rd, Perkasie, PA 18944
Bucks Online | 215-968-8052
Learn from anywhere



  • Follow Us on Instagram
  • Like Us on Facebook
  • Follow Us on Tiktok
  • Watch Us on YouTube

© Bucks County Community College.
All rights reserved.

Find Campus Services

  • Accessibility - TAO
  • Admissions
  • Advising
  • Basic Needs
  • Bookstore (External Website)
  • Career + Job Resources
  • Catalog
  • Counseling
  • Dining
  • Early Learning Center
  • ESL Programs
  • Financial Aid
  • Fitness and Wellness
  • IT Help Desk
  • KEYS Program
  • Library
  • Media Lab
  • Perkins
  • Prior Learning Assessment
  • Registrar
  • Security + Safety
  • Success Advocates
  • Testing 
  • Transfer + Planning
  • Tutoring
  • Veteran Resources

Faculty + Staff Resources

  • MyBucks
  • Office 365
  • Canvas
  • Faculty Center
  • Faculty Online Resources
  • Professional Development

Get Involved

  • Arts + Entertainment
  • Athletics
  • Bucks+
  • Calendar + News
  • Event Tickets
  • Lectures + Conferences
  • Student Life

Read Notices + Policies

  • Academic Policies
  • Student Policies
  • Human Resources Policies
  • Information Technology
  • Administration
  • Advancement
  • Consumer Information
  • Disclaimers
  • Holiday Statement
  • Notice of Non-Discrimination
  • Clean Air Zone
  • Web Accessibility

Foundation + Alumni

  • Give
  • Alumni
  • Board of Directors
  • Foundation
  • Scholarships
  • Special Events

Explore Campus

  • Bucks Online
  • Newtown Campus
  • Lower Bucks Campus
  • Upper Bucks Campus
  • Parking
  • Facilities Rental
  • Weddings in Tyler Gardens
  • Purchasing
  • Sustainability
  • Emergency Closing Information

Find Jobs

  • Student + Work-Study Employment
  • Faculty + Staff Employment

Discover Bucks

  • Accreditations
  • Board of Trustees
  • Community + Government Relations
  • Diversity, Equity + Inclusion
  • History
  • Mission + Vision
  • Office of the President
  • Provide Feedback

Contact Us

  • Ways to Contact Us
  • Faculty + Staff Directory
  • Social Media
  • Report an Issue
  • Emergency Text Alerts
  • System Status
  • Campus Health & Safety Plan