State University System Office

Information Security Incident Response Plan


A state university System Office with over 200,000 students wanted to develop an Information Security Incident Response Plan to inform and prepare processes for effectively handling cybersecurity incidents related to the System Office and campus-hosted information resources.

The project goal was to design response plans that define the necessary roles and responsibilities for users, technical specialists and executive leadership, and that identify the System Office expertise required to manage information security incidents effectively, minimize the negative consequences and promptly restore affected operations.

Working with the System Office team, we developed the following deliverables:

  • Information Security Incident Response Team (ISIRT) definition and charter
  • Incident Response Plan and Process Flows
  • Executive Security Review Team (ESRT) Procedures and Decision Flow for Breaches
  • Notification Templates

Throughout the project, we followed the NIST 800-61 guidelines for managing the lifecycle of information security incidents. These guidelines include the following activities: Preparation, Detection & Analysis, Containment, Eradication & Recovery, and Post-Incident Activity.


  • Coordinated shared governance and buy-in across multiple teams
  • Developed sustainable framework and processes for incident response
  • Identified clear processes for the executive role and leadership within the incident response process
  • Created just-in-time templates to use for urgent situations


  • Information Security Incident Response Team definition and charter
  • Incident Response plan and process flows
  • Executive Security Review Team procedures and decision flow
  • Development of notification templates


  • Cybersecurity
  • Information Security
  • Incident Response Plan
  • Client: State University System Office
  • Project Type: Education
  • Services: Information Security Initiative