Incident Response Standard for Cybersecurity


This standard outlines the procedures and responsibilities for responding to cybersecurity incidents within the university to protect the confidentiality, integrity, and availability of university information assets, minimize damage, and maintain the trust of the university community.


This standard applies to all university departments, units, employees, contractors, and third-party service providers who handle university data and information systems.


3.1 Reporting

3.1.1 All personnel who suspect or discover a cybersecurity incident must immediately report it to the designated incident response team or contact. If contact is unknown, please reach out to USNH Helpdesk at (603) 862-4242 or… 

3.2 Classification

3.2.1 Incidents should be classified based on severity and potential impact to determine the appropriate response level.

3.3 Incident Response Process

3.3.1 Incident Response Team

The university will maintain a dedicated incident response team responsible for coordinating and executing the incident response plan. 

3.4 Assessment

3.4.1 Upon notification, the incident response team will assess the incident's scope, impact, and potential risks. 

3.5  Containment and Mitigation:

3.5.1 Immediately contain and mitigate the incident to prevent further damage or data loss. 

3.6  Eradication:

3.6.1 Identify the root cause and eliminate the source of the incident. 

3.7  Recovery:

3.7.1 Implement recovery plans and restore affected systems and services to regular operation. 

3.8  Communication:

3.8.1 As necessary, maintain clear and timely communication with all relevant stakeholders, including affected parties, university leadership, legal counsel, and law enforcement. 

3.9 Documentation:

3.9.1 Maintain detailed incident records, including actions taken, evidence collected, and communications. 

3.10  Legal and Regulatory Compliance:

3.10.1 Comply with all applicable laws and regulations concerning cybersecurity incidents. 

3.11 Notification:

3.11.1 Notify affected individuals if applicable data breach notification laws compromise their personal information. 

3.12  Lessons Learned:

3.12. 1 Conduct a post-incident analysis to identify weaknesses in the incident response process and make necessary improvements.


  • Approved by: Thomas Nudd, Chief Information Security Officer 
  • Reviewed by: Dr David A Yasenchock, Director, Cybersecurity GRC 
  • Revision History: V 1.1 December 13, 2022, Cybersecurity GRC Working Group 
    •  V 1.2 April 22, 2024, Cybersecurity GRC Working Group
    • Revised formatting, K SWEENEY, 30 MAY 2024