Presentation is loading. Please wait.

Presentation is loading. Please wait.

DHS SECURITY INCIDENT REPORTING AND RESPONSE SECURITY INCIDENT REPORTING AND RESPONSE DHS managers, employees, and other authorized information users.

Published byOliver Potter Modified over 9 years ago

Similar presentations

Presentation on theme: "DHS SECURITY INCIDENT REPORTING AND RESPONSE SECURITY INCIDENT REPORTING AND RESPONSE DHS managers, employees, and other authorized information users."— Presentation transcript:

1

2 DHS SECURITY INCIDENT REPORTING AND RESPONSE

3 SECURITY INCIDENT REPORTING AND RESPONSE DHS managers, employees, and other authorized information users (such as contractors) are required to report security incidents affecting DHS information. To report an incident, go to: DHSShare; Security & Privacy tab; the Incident Reporting box is located in the upper right hand corner of page: DHS Real Time Incident Reporting – click the box to report an incident. The direct link is listed here: https://dhs.arkansas.gov/reporting/itsec_form.php Reporting incidents is mandated by DHS policy. 2014 DHS IT Security & Privacy Training 2

4 POLICY 5007: SECURITY INCIDENT REPORTING AND RESPONSE A security incident may be a suspected or an actual unauthorized attempt to alter DHS information. The attempt may be to acquire, access, use, disclose, modify, or destruct DHS data. A security incident may also be a suspected or an actual unauthorized attempt to interfere with a DHS Information System. 2014 DHS IT Security & Privacy Training 3

5 POLICY 5007: SECURITY INCIDENT REPORTING AND RESPONSE Completing an Incident Report will submit the incident to the DHS Security and Privacy officers. The DHS Security and Privacy officers must document security incidents and maintain incident activity logs. 2014 DHS IT Security & Privacy Training 4

6 POLICY 5007: SECURITY INCIDENT REPORTING AND RESPONSE It is suggested that you become familiar with the Incident Reporting form before you need to use it. The next slides identify the parts of the form, and the information needed to complete it. 2014 DHS IT Security & Privacy Training 5

7 POLICY 5007: SECURITY INCIDENT REPORTING AND RESPONSE The form is located on DHS Share on the Security & Privacy tab. Click on the DHS Real Time Incident Reporting box on the right side of the screen. 2014 DHS IT Security & Privacy Training 6

8 POLICY 5007: SECURITY INCIDENT REPORTING AND RESPONSE 2014 DHS IT Security & Privacy Training 7 Here is part of the form:

9 POLICY 5007: SECURITY INCIDENT REPORTING AND RESPONSE These are the kinds of incidents that must be reported : Downloading music and movies because: It’s probably a copyright violation; It’s a DHS policy violation; Email hoaxes; Failure to follow DHS security policies; Unauthorized access, acquisition, use or disclosure of: Personal Identifying Information (PII) or Private Health Information (PHI); Misuse of a State computer or DHS Information System, which includes: Unauthorized use or disclosure of confidential / sensitive information; Installing or downloading non-work-related software onto a DHS computer; Password sharing; Phishing scams; Physical invasion into or interference with DHS facilities containing information systems. 2014 DHS IT Security & Privacy Training 8

10 POLICY 5007: SECURITY INCIDENT REPORTING AND RESPONSE These are the kinds of incidents that must be reported: Loss or theft of: Laptop computers or client paper records; DHS Cell phones or other smartphones; Knowledge of a need for emergency deactivation of a User’s access to DHS Information Systems Generally because of a perceived threat by the User; Social engineering attempts; Behavior that might threaten the safety or security of DHS information or Information Systems; Suspected hacking attempts; Theft or attempted theft of computers, flash drives, mobile devices, cell phones or smart phones, or PHI or personally identifiable information; Unauthorized devices connected to DHS Information Systems or containing DHS information; Unauthorized software installed or located on a DHS Information System; Virus or malware activity. 2014 DHS IT Security & Privacy Training 9

11 POLICY 5007: SECURITY INCIDENT REPORTING AND RESPONSE In addition to your identifying information, be sure to include: A complete incident description – list as much information as you have about the incident. Actions taken – whatever has already been done about the incident. Describe any potential loss of confidential information – describe in as much detail as possible. 2014 DHS IT Security & Privacy Training 10

12 POLICY 5007: SECURITY INCIDENT REPORTING AND RESPONSE DHS employees are required to report security incidents. Reporting incidents protects employees, the agency, clients and DHS information and IT systems from harm or potential harm. 2014 DHS IT Security & Privacy Training 11

13 POLICY 5007: SECURITY INCIDENT REPORTING AND RESPONSE All incidents will be investigated. Investigations involving employee action will include the DHS Office of Chief Counsel and the appropriate division executive. 2014 DHS IT Security & Privacy Training 12

Download ppt "DHS SECURITY INCIDENT REPORTING AND RESPONSE SECURITY INCIDENT REPORTING AND RESPONSE DHS managers, employees, and other authorized information users."

Similar presentations

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.

Providing protection from potential security threats that exist for any internet-connected computer is termed e- security. It is important to be able to.
Rockingham County Public Schools Technology Acceptable Use Policy

Rockingham County Public Schools Technology Acceptable Use Policy
Computer and Mobile Device Equipment Security Brief May 29, 2008 Presented by: Kevin G. Sutton, Chief, Information Technology Unit.

Computer and Mobile Device Equipment Security Brief May 29, 2008 Presented by: Kevin G. Sutton, Chief, Information Technology Unit.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Hart District Acceptable Use Policy Acceptable Use Policy.

Hart District Acceptable Use Policy Acceptable Use Policy.
Hipaa privacy and Security

Hipaa privacy and Security
Before reviewing the following presentation click on the links below and print off the documents: NAM-43 The Bair Foundation HIPAA Policy NAM- 89 HIPAA.

Before reviewing the following presentation click on the links below and print off the documents: NAM-43 The Bair Foundation HIPAA Policy NAM- 89 HIPAA.
June 04, 2013 Robin Thomas, NC III, Presenter. PRIVACY BREACHES A privacy breach is an unauthorized disclosure of PHI/PCI violating either Federal or.

June 04, 2013 Robin Thomas, NC III, Presenter. PRIVACY BREACHES A privacy breach is an unauthorized disclosure of PHI/PCI violating either Federal or.
Invasion of Smart Phones in Clinical Areas Chrissy Kyak Privacy Officer University of Maryland Upper Chesapeake Health.

Invasion of Smart Phones in Clinical Areas Chrissy Kyak Privacy Officer University of Maryland Upper Chesapeake Health.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.

1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.
SAFEGUARDING DHS CLIENT DATA PART 2 SAFEGUARDING PHI AND HIPAA Safeguards must: Protect PHI from accidental or intentional unauthorized use/disclosure.

SAFEGUARDING DHS CLIENT DATA PART 2 SAFEGUARDING PHI AND HIPAA Safeguards must: Protect PHI from accidental or intentional unauthorized use/disclosure.
The Privacy Office U.S. Department of Homeland Security Washington, DC 20528 t: 703-235-0780; f: 703-235-0442 Safeguarding.

The Privacy Office U.S. Department of Homeland Security Washington, DC t: ; f: Safeguarding.
Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. In practice, how do we recognize a potential Privacy.

Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. In practice, how do we recognize a potential Privacy.
CIT 1100. In this chapter you will learn how to:  Explain the threats to your computers and data  Describe key security concepts and technologies.

CIT In this chapter you will learn how to:  Explain the threats to your computers and data  Describe key security concepts and technologies.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.
1 Enterprise Security Your Information Security and Privacy Responsibilities © 2008 Providence Health & Services This information may be replicated for.

1 Enterprise Security Your Information Security and Privacy Responsibilities © 2008 Providence Health & Services This information may be replicated for.
Obtaining, Storing and Using Confidential Data October 2, 2014 Georgia Department of Audits and Accounts.

Obtaining, Storing and Using Confidential Data October 2, 2014 Georgia Department of Audits and Accounts.
Internet safety By Lydia Snowden.

Internet safety By Lydia Snowden.
Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.

Internet Safety Basics Being responsible -- and safer -- online Visit age-appropriate sites Minimize chatting with strangers. Think critically about.

Similar presentations

Ads by Google