This Control applies to the university Chief Information Security Officer and Information Resource Owner.

Information Resource Owners are responsible for responding to information spills by:

• 1.1

  Identifying the specific information involved in the system contamination.

• 1.2

  Alerting the CISO of the information spill according to reporting guidelines described in IR-6, and using a method of communication not associated with the spill.

The Office of the CISO is responsible to respond to the report of information spillage by:

• 2.1

  Isolating the contaminated system or system component.

• 2.2

  Eradicating the information from the contaminated system or component.

• 2.3

  Identifying other systems or system components that may have been subsequently contaminated.