CITY OF GRAPEVINE ADMINISTRATIVE POLICY

SUBJECT: SECURITY INCIDENT CONTAINMENT
SECTION: F
NUMBER: 17.0
PREPARED BY: Information Technology
REVISED DATE: 02/01/2014
PAGE: 1 of 2

PURPOSE

17.1 The purpose of the Security Incident Containment policy is to define the need to contain a known security incident to stop any further damage and/or to keep it from spreading to other network nodes in the City. This policy acknowledges that there are times when IT services need to be temporarily shut down and/or portions of the network need to be temporarily disconnected in order to stop an on-going security incident or to contain it from spreading further into the City network.

POLICY

This policy applies to all network resources at the City of Grapevine in all City-owned buildings and in all departments.

17.2 Containment

City IT resources engaged in active attacks against other IT resources must be contained immediately. This includes compromised nodes capable of spreading the compromise to other nodes. City IT resources being attacked from an outside source must be disconnected from the network immediately. All compromises must be contained as soon as possible. Special consideration regarding service disruption for mission critical applications can be considered when necessary. Containment can be achieved by immediately disconnecting the resource from the network, revoking user access, shutting off VLANs or other means as appropriate.

17.3 Notifications

The City Manager's office, all department directors and managers in affected departments will be notified prior to or concurrent with a service interruption applied as the result of a security incident containment procedure. Notifications will occur as soon as possible directly by phone, text messages, or e-mail, in that order.

17.4 Authority

IT, in its primary responsibility for security of the City network, reserves the right to make network containment decisions during a security incident for the ultimate good of the City as a whole. These decisions will be made by the IT director or the IT assistant director. While inconvenient, containment is sometimes necessary to protect the City systems from further damage. No containment lasts longer than necessary to resolve the security issue.