SECURITY INCIDENT REPORTING AND RESPONSE DHS managers,
employees, and other authorized information users (such as
contractors) are required to report security incidents affecting
DHS information. To report an incident, go to: DHSShare; Security
& Privacy tab; the Incident Reporting box is located in the
upper right hand corner of page: DHS Real Time Incident Reporting
click the box to report an incident. The direct link is listed
here: https://dhs.arkansas.gov/reporting/itsec_form.php Reporting
incidents is mandated by DHS policy. 2014 DHS IT Security &
Privacy Training 2
Slide 4
POLICY 5007: SECURITY INCIDENT REPORTING AND RESPONSE A
security incident may be a suspected or an actual unauthorized
attempt to alter DHS information. The attempt may be to acquire,
access, use, disclose, modify, or destruct DHS data. A security
incident may also be a suspected or an actual unauthorized attempt
to interfere with a DHS Information System. 2014 DHS IT Security
& Privacy Training 3
Slide 5
POLICY 5007: SECURITY INCIDENT REPORTING AND RESPONSE
Completing an Incident Report will submit the incident to the DHS
Security and Privacy officers. The DHS Security and Privacy
officers must document security incidents and maintain incident
activity logs. 2014 DHS IT Security & Privacy Training 4
Slide 6
POLICY 5007: SECURITY INCIDENT REPORTING AND RESPONSE It is
suggested that you become familiar with the Incident Reporting form
before you need to use it. The next slides identify the parts of
the form, and the information needed to complete it. 2014 DHS IT
Security & Privacy Training 5
Slide 7
POLICY 5007: SECURITY INCIDENT REPORTING AND RESPONSE The form
is located on DHS Share on the Security & Privacy tab. Click on
the DHS Real Time Incident Reporting box on the right side of the
screen. 2014 DHS IT Security & Privacy Training 6
Slide 8
POLICY 5007: SECURITY INCIDENT REPORTING AND RESPONSE 2014 DHS
IT Security & Privacy Training 7 Here is part of the form:
Slide 9
POLICY 5007: SECURITY INCIDENT REPORTING AND RESPONSE These are
the kinds of incidents that must be reported : Downloading music
and movies because: Its probably a copyright violation; Its a DHS
policy violation; Email hoaxes; Failure to follow DHS security
policies; Unauthorized access, acquisition, use or disclosure of:
Personal Identifying Information (PII) or Private Health
Information (PHI); Misuse of a State computer or DHS Information
System, which includes: Unauthorized use or disclosure of
confidential / sensitive information; Installing or downloading
non-work-related software onto a DHS computer; Password sharing;
Phishing scams; Physical invasion into or interference with DHS
facilities containing information systems. 2014 DHS IT Security
& Privacy Training 8
Slide 10
POLICY 5007: SECURITY INCIDENT REPORTING AND RESPONSE These are
the kinds of incidents that must be reported: Loss or theft of:
Laptop computers or client paper records; DHS Cell phones or other
smartphones; Knowledge of a need for emergency deactivation of a
Users access to DHS Information Systems Generally because of a
perceived threat by the User; Social engineering attempts; Behavior
that might threaten the safety or security of DHS information or
Information Systems; Suspected hacking attempts; Theft or attempted
theft of computers, flash drives, mobile devices, cell phones or
smart phones, or PHI or personally identifiable information;
Unauthorized devices connected to DHS Information Systems or
containing DHS information; Unauthorized software installed or
located on a DHS Information System; Virus or malware activity.
2014 DHS IT Security & Privacy Training 9
Slide 11
POLICY 5007: SECURITY INCIDENT REPORTING AND RESPONSE In
addition to your identifying information, be sure to include: A
complete incident description list as much information as you have
about the incident. Actions taken whatever has already been done
about the incident. Describe any potential loss of confidential
information describe in as much detail as possible. 2014 DHS IT
Security & Privacy Training 10
Slide 12
POLICY 5007: SECURITY INCIDENT REPORTING AND RESPONSE DHS
employees are required to report security incidents. Reporting
incidents protects employees, the agency, clients and DHS
information and IT systems from harm or potential harm. 2014 DHS IT
Security & Privacy Training 11
Slide 13
POLICY 5007: SECURITY INCIDENT REPORTING AND RESPONSE All
incidents will be investigated. Investigations involving employee
action will include the DHS Office of Chief Counsel and the
appropriate division executive. 2014 DHS IT Security & Privacy
Training 12