Section 4: Incident Response
This section establishes how TxDOT maintains an Incident Response Plan in order to properly respond to, document, and track incidents. The Incident Response Plan provides a high-level approach for TxDOT’s response when information security policies are breached. It provides an emergency-based method to address the “Response” objective of the Texas CyberSecurity Framework.
CAUTION: Documents related to incident response are confidential. The incident response plan will be distributed to department heads and other stakeholders on a need-to-know basis.
An incident response plan must describe a strategic response to a breach of routine business practices and provide sufficient details to continue business functions. The plan is tested annually and is updated as needed. TxDOT’s response includes assembling a trained incident response team.
All incidents are reported to TxDOT’s Information Security Officer (ISO) as soon as they are discovered. The ISO notifies stakeholders according to the escalation levels established in the incident response plan. TxDOT implements an automated incident handling response to include the preparation, detection and analysis, containment, eradication, and recovery from incidents.
WARNING: Information about security incidents will be shared on a "need-to-know" basis and is confidential in nature. Reports are reviewed and approved by the Information Security Officer (ISO) prior to release to outside agencies.
Information Custodians assist the incident response teams with their incident investigations.
Information Owners review, test, and update the incident response plan in coordination with the Information Security Officer.
Information Security Officer must:
- oversee the establishment and training of the incident response teams.
- review and test updates to the incident response plans.
- ensure that updates to the incident response plans are aligned with current standards.
Compliance and Standards
See the “Incident Response Standards” in the Information Security Standards manual for a list of the minimum standards necessary to comply with this objective of the Business Continuity Policy.