DHS SECURITY INCIDENT REPORTING AND RESPONSE


DHS managers, employees, and other authorized information users (such as contractors) are required to report security incidents affecting DHS information.

To report an incident, go to: DHSShare; Security & Privacy tab; the Incident Reporting box is located in the upper right-hand corner of the page: DHS Real Time Incident Reporting – click the box to report an incident. The direct link is listed here:

Reporting incidents is mandated by DHS policy.

DHS IT Security & Privacy Training

POLICY 5007: SECURITY INCIDENT REPORTING AND RESPONSE

A security incident may be a suspected or an actual unauthorized attempt to alter DHS information. The attempt may be to acquire, access, use, disclose, modify, or destroy DHS data. A security incident may also be a suspected or an actual unauthorized attempt to interfere with a DHS Information System.

Completing an Incident Report will submit the incident to the DHS Security and Privacy officers. The DHS Security and Privacy officers must document security incidents and maintain incident activity logs.

It is suggested that you become familiar with the Incident Reporting form before you need to use it. The next slides identify the parts of the form, and the information needed to complete it.

The form is located on DHS Share on the Security & Privacy tab. Click on the DHS Real Time Incident Reporting box on the right side of the screen.

Here is part of the form:

2014 DHS IT Security & Privacy Training

These are the kinds of incidents that must be reported: Downloading music and movies because: It’s probably a copyright violation; It’s a DHS policy violation; hoaxes; Failure to follow DHS security policies; Unauthorized access, acquisition, use or disclosure of: Personal Identifying Information (PII) or Private Health Information (PHI); Misuse of a State computer or DHS Information System, which includes: Unauthorized use or disclosure of confidential / sensitive information; Installing or downloading non-work-related software onto a DHS computer; Password sharing; Phishing scams; Physical invasion into or interference with DHS facilities containing information systems.

These are the kinds of incidents that must be reported: Loss or theft of: Laptop computers or client paper records; DHS Cell phones or other smartphones; Knowledge of a need for emergency deactivation of a User’s access to DHS Information Systems, generally because of a perceived threat by the User; Social engineering attempts; Behavior that might threaten the safety or security of DHS information or Information Systems; Suspected hacking attempts; Theft or attempted theft of computers, flash drives, mobile devices, cell phones or smart phones, or PHI or personally identifiable information; Unauthorized devices connected to DHS Information Systems or containing DHS information; Unauthorized software installed or located on a DHS Information System; Virus or malware activity.

In addition to your identifying information, be sure to include: A complete incident description – list as much information as you have about the incident. Actions taken – whatever has already been done about the incident. Describe any potential loss of confidential information – describe in as much detail as possible.

DHS employees are required to report security incidents. Reporting incidents protects employees, the agency, clients and DHS information and IT systems from harm or potential harm.

All incidents will be investigated. Investigations involving employee action will include the DHS Office of Chief Counsel and the appropriate division executive.