NSTSSI Security Education Standards
8. Report security incidents in accordance with agency-specific policy to the DAA when an IS
is compromised
a. Security Violations Reporting Process (incident response)
E - describe the process of responding to and reporting security incidents;
E - comply with agency-specific/local directives when reporting to the DAA;
I - assist users and managers with incident response;
I - organize an incident response team;
I - report results of an incident response;
A - evaluate damage done by an incident; and
A - propose actions, changes, modifications to the INFOSEC program and practices
based upon an incident.
b. Security Investigation Procedures
E - describe the process of investigating security procedures;
E - follow the procedures;
E - identify the investigating authorities;
E - assist in investigations as requested;
I - monitor compliance with procedure;
I - explain the procedures to users and managers, the significance of the actions,
and the consequences for variations;
I - propose changes to procedures; and
A - design the investigation procedures with appropriate authorities.
c. Law
(1) Investigative Authorities
E - identify the agencies and offices responsible for investigating security
incidents; and
I - explain to users and managers the roles of various authorities.
(2) Law Enforcement Interfaces (LEI)
E - describe how the ISSO interfaces with law enforcement agencies;
E - describe how to contact and use assistance from LEI; and
A - improve effective coordination with LEI.
(3) Witness Interviewing/Interrogation
E - describe the proper procedures to follow when conducting a witness
interview;
E - identify who can conduct interrogations (investigative agencies only); and
E - assist appropriate authority in witness interviewing/interrogation.
(4) Entrapment
E - define entrapment;
I - monitor entrapment techniques which are instituted for compliance with
policies and guidelines; and
A - design entrapment stratagems in coordination with appropriate
authorities.
(5) Disgruntled Employees
E - identify the proper procedures for handling disgruntled employees;
E - monitor handling of disgruntled employees in accordance with established
procedures; and
I - design the procedures to handle disgruntled employees in coordination
with appropriate authorities.
(6) Civil/Criminal Penalties
E - describe the possible civil/criminal penalties resulting from security
incidents.