Introduction - SharePoint Incident Management Policy
The number of SharePoint security incidents and the resulting cost of
business disruption and service restoration continue to escalate. Implementing
solid SharePoint security policies, blocking unnecessary access to networks and
computers, improving [SharePoint Portal Owning Organization] user security
awareness, and early detection and mitigation of security incidents are some of
the actions that can be taken to reduce the risk and drive down the cost of
security incidents.
Purpose
This [SharePoint Portal Owning Organization] SharePoint Incident Management
Policy describes the requirements for dealing with SharePoint security
incidents. SharePoint security incidents include, but are not limited to: virus,
worm, and Trojan horse detection, unauthorized use of computer accounts and
SharePoint systems, as well as complaints of improper use of SharePoint
resources.
Audience
The [SharePoint Portal Owning Organization] SharePoint Incident Management
Policy applies equally to all individuals that use any [SharePoint Portal Owning
Organization] SharePoint resources.
SharePoint Incident Management Policy
- [SharePoint Portal Owning Organization] [every organization should have
a committee to handle security incidents, enter that name here] members have
pre-defined roles and responsibilities which can take priority over normal
duties.
- Whenever a SharePoint security incident, such as a virus, worm, hoax
email, discovery of hacking tools, or altered data, is suspected or confirmed,
the appropriate, documented SharePoint incident management procedures must be
followed.
- The [SharePoint Portal Owning Organization] SharePoint administrator
and user community is responsible for notifying the [SharePoint Portal
Owning Organization / Incident Handling Unit labeled above], who initiates
the appropriate incident management action, including restoration, as defined
by [SharePoint Portal Owning Organization / Incident Handling Unit labeled
above].
- The [SharePoint Portal Owning Organization / Incident Handling Unit
labeled above] is responsible for determining the physical and electronic
evidence to be gathered as part of the Incident Investigation. This can
involve the investigation of several servers, including the ISA or other
machines in between the client and afflicted system.
- The appropriate SharePoint and Systems Technical Resources from the [SharePoint
Portal Owning Organization / Incident Handling Unit labeled above] are
responsible for monitoring that any damage from a security incident is
repaired or mitigated and that the vulnerability is eliminated or minimized
where possible.
- The [SharePoint Portal Owning Organization / Incident Handling Unit
labeled above] will determine if a widespread [SharePoint Portal Owning
Organization] communication is required, the content of the communication,
and how best to distribute the communication.
- The appropriate technical resources from the [SharePoint Portal Owning
Organization / Incident Handling Unit labeled above] are responsible for
communicating new issues or vulnerabilities to Microsoft (SharePoint vendor)
and working with the vendor to eliminate or mitigate the vulnerability.
- The [SharePoint Portal Owning Organization / Incident Handling Unit
labeled above] is responsible for initiating, completing, and documenting
the incident investigation.
- The ISO is responsible for coordinating communications with outside
organizations and law enforcement.
- In the case where law enforcement is not involved, the [SharePoint
Portal Owning Organization / Incident Handling Unit labeled above] will
recommend disciplinary actions.
- In the case where law enforcement is involved, the [SharePoint Portal
Owning Organization / Incident Handling Unit labeled above] will act as the
liaison between law enforcement and [SharePoint Portal Owning Organization].
SharePoint Incident Management Policy Supporting Information
- All [SharePoint Portal Owning Organization] SharePoint users are
responsible for managing their use of SharePoint and are accountable for
their actions relating to SharePoint security. Users are also equally
responsible for reporting any suspected or confirmed violations of this
policy to the appropriate management responsible for SharePoint security
incident handling.
- The use of SharePoint must be for officially authorized business
purposes only. There is no guarantee of personal privacy or access to tools
such as, but not limited to, SharePoint areas, WSS team sites, any and all
collaboration and communication functionality, and any sister server
integrations (i.e. integrated Microsoft Exchange environments). The use of
SharePoint and SharePoint-related tools may be monitored to fulfill
complaint or investigation requirements, including forensic analysis of
IDS or other security systems. Departments responsible for custody and
operations of the SharePoint servers (custodian departments) shall be
responsible for proper authorization of SharePoint server utilization, the
establishment of effective use, and reporting of performance to management.
- Any data housed within SharePoint must be kept confidential and secure
by the respective [SharePoint Portal Owning Organization] SharePoint user.
The fact that the business data may be stored electronically (i.e. in a document
library or SharePoint list) does not change the requirement to keep the
information confidential and secure. The type of information, or the
information itself, is the basis for determining whether the data must be
kept confidential and secure. Furthermore, whether this data is stored in a paper
or electronic format, or is copied, printed, or electronically
transmitted, the data must still be protected as confidential and secured.
- [SharePoint Portal Owning Organization] server custodian departments
must provide adequate access controls in order to monitor SharePoint systems
to protect business data and associated programs from misuse in accordance
with the needs defined by owner departments. All SharePoint access must be
properly documented, authorized and controlled, following [SharePoint Portal
Owning Organization] standardized processes.
- All commercial SharePoint software used in [SharePoint Portal Owning
Organization]’s SharePoint environment (i.e. Web Parts) must be supported by
a software license agreement that specifically describes the usage rights
and restrictions of the product. SharePoint users must abide by all license
agreements and must not illegally copy licensed software. [SharePoint Portal
Owning Organization] reserves the right to remove any unlicensed software
from the SharePoint environment.
- [SharePoint Portal Owning Organization] reserves the right to remove any
non-business related SharePoint software or files from the SharePoint
environment.
Disciplinary Actions
Violation of this policy may result in disciplinary action, which may include
termination for employees and temporaries; termination of the employment relationship
in the case of contractors or consultants; dismissal for interns and volunteers;
or suspension or expulsion in the case of a student. Additionally, individuals
are subject to loss of [SharePoint Portal Owning Organization] SharePoint access
privileges and to civil and criminal prosecution.
Compliance / Regulation Contributed to by this Policy
- Copyright Act of 1976
- Foreign Corrupt Practices Act of 1977
- Computer Fraud and Abuse Act of 1986
- Computer Security Act of 1987
- The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Any templates provided on this site are provided without warranty or implication. To brand the template(s), replace [SharePoint Portal Server Owning Organization] with your company name.