Phishing Response Policy for Rockhurst University
1. Purpose
To outline the procedures for responding to phishing campaigns targeting Rockhurst University to minimize their impact and ensure a swift recovery.
2. Scope
This policy applies to all faculty, staff, students, and any other stakeholders who use Rockhurst University’s information systems.
3. Policy Statement
Rockhurst University is dedicated to protecting its community from phishing attacks. This policy provides a structured response to phishing incidents to mitigate their effects and protect sensitive information.
4. Definitions
- Phishing: A malicious attempt to acquire sensitive information by posing as a trustworthy entity.
- Spear Phishing: A targeted attempt aimed at specific individuals or departments.
- Incident Command System (ICS): A group of individuals tasked with handling security incidents.
5. Detection and Reporting
- Detection Mechanisms: Utilize email filters, SIEM systems, and other monitoring tools to detect potential phishing attempts.
- Reporting Procedures:
  - Email Reporting: If an email is suspected to be a phishing attempt, forward it to phishing@rockhurst.edu.
  - Hotline Reporting: Call the dedicated phishing hotline at [insert hotline number].
  - Online Form: Complete the phishing incident report form available on the university’s intranet.
6. Immediate Response
- Initial Assessment: The ICS will quickly assess the reported phishing attempt to determine its legitimacy and scope.
- Containment Measures:
  - Block the sender’s email address.
  - Disable any malicious links.
  - Isolate compromised systems from the network.
- Communication: Inform potentially affected users and provide instructions on how to proceed.
7. Investigation
- Evidence Collection: Gather all relevant information, including email headers, URLs, and affected systems.
- Analysis: Determine the phishing attack’s origin, the methods used, and the extent of the compromise.
- User Impact Assessment: Identify which users might have been affected and what information may have been compromised.
8. Remediation
- Password Resets: Promptly reset passwords for affected accounts.
- System Restoration: Restore any compromised systems to their last known good state using backups.
- Security Patches: Apply necessary security patches to prevent similar incidents.
9. Communication and Support
- Internal Communication: Keep the university community informed about ongoing phishing threats and provide updates on the response efforts.
- Support Services: Offer support services to affected individuals, including guidance on monitoring for identity theft and assistance with any needed recovery actions.
10. Post-Incident Review
- Debriefing Session: Conduct a debriefing session with the ICS to review the incident and response actions.
- Root Cause Analysis: Perform a root cause analysis to understand how the phishing attack succeeded.
- Policy and Procedure Updates: Update policies, procedures, and training programs based on lessons learned.
11. Training and Awareness
- Continuous Education: Regularly update and conduct phishing awareness training for all university members.
- Simulated Phishing Exercises: Conduct periodic phishing simulations to test and improve the community’s readiness and response.
- Hints & Tips: Issue bi-weekly topics to keep security top of mind for all employees and students.
12. Continuous Improvement
- Regular Audits: Perform regular security audits to ensure the effectiveness of phishing detection and response measures.
- Feedback Collection: Gather feedback from the community to identify areas for improvement and enhance the response process.
13. Compliance and Enforcement
- Adherence to Policy: All university members must adhere to this policy. Failure to do so may result in disciplinary actions as outlined in the university’s code of conduct.
- Legal and Regulatory Compliance: Ensure all response actions comply with relevant legal and regulatory requirements.
14. Review and Revision
This policy will be reviewed annually and updated as necessary to address new threats, incorporate technological advancements, and include community feedback.
Last Review Date: 07/03/2025