PCI DSS v3.2 - Appendix 1 - Incident Response Plan
4
f. Action taken upon discovery
g. Explanation of impact and impact on daily activities
h. Any additional information
3. The Response Team will immediately coordinate a response and reply to this initial
notification/communication to confirm they are aware of the incident.
4. If the incident involves a payment station (PC used to process credit cards):
a. Do NOT turn off the PC.
b. Disconnect the network cable connecting the PC to the network jack. If the cable is
secured and you do not have the key to the network jack, simply cut the network
cable.
5. Document any steps taken until the Response Team has arrived. Include the date, time,
person/persons involved and action taken for each step.
6. Assist the Response Team as they investigate the incident.
Incident Response Team Procedures
The UW Oshkosh Credit Card Security Incident Response Team must be contacted by a department
in the event of a system compromise or a suspected system compromise. After being notified of a
compromise, the Response Team, along with other designated university staff from Computers and
Information Technology, will implement their incident response plan to assist and augment
departments’ response plans.
In response to a system compromise, the Response Team and Computers and Information
Technology will:
1. Ensure compromised system is isolated on/from the network.
2. Gather, review and analyze all centrally maintained system, firewall, file integrity and
intrusion detection/protection system logs and alerts.
3. Assist department in analysis of locally maintained system and other logs, as needed.
4. Conduct appropriate forensic analysis of compromised system.
5. If an incident of unauthorized access is confirmed and card holder data was potentially
compromised, the PCI Committee, depending on the nature of the data compromise, must
notify the appropriate organizations that may include the following:
a. UW Oshkosh Chief Financial Officer and the Chief Information Officer
b. UW Oshkosh Internal Audit group
c. UW Oshkosh Acquiring Bank(s), the Acquiring Bank will be responsible for
communicating with the card brands (VISA, MasterCard)
i. see Bank Breach Response Plan
ii. see Visa – Responding to a Breach
iii. see MasterCard – Responding to a Breach
d. If American Express payment cards are potentially included in the breach the
University is responsible for notifying and working with American Express
i. For incidents involving American Express cards, contact American Express
Enterprise Incident Response Program (EIRP) within 24 hours after the
reported incident.
1. Phone number: (888) 732-3750
2. Email: EIRP@aexp.com.
ii. For more detail see American Express – Responding to a Breach