{"id":87853,"date":"2014-12-16T15:51:15","date_gmt":"2014-12-16T20:51:15","guid":{"rendered":"http:\/\/www.bu.edu\/tech\/?page_id=87853"},"modified":"2025-12-05T15:22:51","modified_gmt":"2025-12-05T20:22:51","slug":"sensitive-data","status":"publish","type":"page","link":"https:\/\/www.bu.edu\/tech\/services\/security\/cyber-security\/sensitive-data\/","title":{"rendered":"Sensitive Data Incident Response"},"content":{"rendered":"<div class=\" bu-callout alignright\"><\/p>\n<h3><span class=\"tw icon-mapmarker\"><\/span> Quick Start<\/h3>\n<p><strong>Available to:<\/strong> Students, Faculty, Researchers, Staff, Departments, IT Professionals<\/p>\n<p><strong>Cost:<\/strong> No charge for most cases. In certain large scale incidents, some business units might be asked to help defer the costs of external services, such as credit monitoring and notification services.<\/p>\n<p><\/div>\n<p>Information Security manages and maintains the <a href=\"https:\/\/www.bu.edu\/policies\/cyber-incident-response-policy\/\">Cyber Incident Response Policy<\/a> for incidents and events involving loss of data that includes sensitive and protected information such as social security numbers, credit card numbers, or any data classified as internal use, confidential, or restricted use. For a complete listing of data classified as sensitive, please see the <a href=\"http:\/\/www.bu.edu\/policies\/data-classification-policy\/\" title=\"BU Data Classification Guide\">BU Data Classification Guide.<\/a><\/p>\n<h2>Getting Started<\/h2>\n<ul>\n<li>Security is everyone\u2019s responsibility. If you see anything that suggests we may have a cybersecurity incident or event, contact the <a href=\"https:\/\/www.bu.edu\/tech\/contact\/\">IT Help Center<\/a><\/li>\n<li><span style=\"color: #ff0000;\"><strong>If you suspect a cybersecurity incident or event, DO NOT power off, log in to, continue to use, or alter any system\u00a0 unless directed to do so by the Incident Response Team (IRT)\u00a0<\/strong><\/span><\/li>\n<\/ul>\n<h2>Benefits<\/h2>\n<p>Having an approved, documented procedure is crucial for handling potential data loss incidents properly. In the unfortunate event where such information may have been accessed by unauthorized individuals, there are regulatory requirements to which the University must adhere.<\/p>\n<h2>Key Features<\/h2>\n<ul>\n<li>IRT (BU Information Security Incident Response Team) \u2013 Coordinates the technical response to cybersecurity incidents at the University<\/li>\n<li>CISO (<span>Chief Information Security Officer<\/span>) \u2013 <span>The Chief Information Security Officer is responsible for defining a cross-functional\u00a0<\/span><strong>Senior Incident Management Team (SIMT)<\/strong><span>\u00a0of university leadership that will provide oversight and be able to bring additional resources to aid in response during a major incident.<\/span><\/li>\n<li>The First Responder Checklist \u2013 Provides guidance to the first people to observe indicators that a security issue may be occurring<\/li>\n<\/ul>\n<h2>What to Expect<\/h2>\n<p>This service is available 24 hours a day, 7 days a week.<\/p>\n<p>Incidents are triaged according to the severity of the incident. Some factors that contribute to severity are:<\/p>\n<ul>\n<li>Safety concerns for people and buildings<\/li>\n<li>Loss or exposure of personal or institutional data<\/li>\n<li>Violation of laws and contracts<\/li>\n<li>Interruption of service to a community<\/li>\n<li>The size of the affected community<\/li>\n<\/ul>\n<h2>Requirements<\/h2>\n<p>Anyone can and should report a suspected data breach incident.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cyber Security Incidents that may involve sensitive data must be managed correctly to ensure rapid resolution in such a way as to comply with legal requirements and applicable regulations and to preserve important investigative and forensic information&#8230;.<\/p>\n","protected":false},"author":1356,"featured_media":0,"parent":87822,"menu_order":1,"comment_status":"closed","ping_status":"closed","template":"service.php","meta":[],"_links":{"self":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/87853"}],"collection":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/users\/1356"}],"replies":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/comments?post=87853"}],"version-history":[{"count":21,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/87853\/revisions"}],"predecessor-version":[{"id":160419,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/87853\/revisions\/160419"}],"up":[{"embeddable":true,"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/pages\/87822"}],"wp:attachment":[{"href":"https:\/\/www.bu.edu\/tech\/wp-json\/wp\/v2\/media?parent=87853"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}