UC Berkeley security policy mandates compliance with Minimum Security Standard for Electronic Information for devices handling covered data. The recommendations below are provided as optional guidance for incident response requirements.
Requirement
Resource Proprietors are responsible for training all End Users on incident reporting procedures.
Description of Risk
If users and system administrators are not aware of incident response procedures, response will be delayed and evidence can be corrupted or lost, greatly increasing the potential impact of an incident.
Recommendations
Resource proprietors should ensure incident reporting procedures are published and communicated to end users, including employees, contractors and third party users, regarding reporting security incidents to the designated incident handling personnel. Such information should be included in employee awareness and training communications.
Incident handling personnel, as designated in the incident response plan, should conduct periodic incident scenario sessions to ensure that they understand current threats and risks, as well as reviewing the incident response plan to confirm their responsibilities in supporting the incident response activities.