Strategic Security Intelligence


NSTSSI Security Education Standards


Standards

Top - Help

Copyright(c), 1995 - Management Analytics and Others - All Rights Reserved


8.    Report security incidents in accordance with agency-specific policy to the DAA when an IS
is compromised

              
      a.    Security Violations Reporting Process (incident response)
                    
            E      - describe the process of responding and reporting of security incidents;
            E      - comply with agency specific/local directives when reporting to the DAA;
            I      - assist users and managers with incident response;
            
           
      I      - organize an incident response team;
      I      - report results of an incident response;
      A      - evaluate damage done by an incident; and
      A      - propose actions, changes, modifications to the INFOSEC program and practices
              based upon an incident.
            
  
b.    Security Investigation Procedures

                    
      E      - describe the process of investigating security procedures;
      E      - follow the procedures;
      E      - identify the investigating authorities;
      E      - assist in investigations as requested;
      I      - monitor compliance with procedure;
      I      - explain the procedures to users and managers, the significance of the actions,
              and the consequences for variations;
      I      - propose changes to procedures; and
      A      - design the investigation procedures with appropriate authorities.
      
       
c.    Law
            

      (1)     Investigative Authorities
                                                       
              
              E    - identify the agencies and offices responsible for investigating security
                    incidents; and
              I    - explain to users and managers the roles of various authorities.
            
  
      (2)     Law Enforcement Interfaces (LEI)
      
      
              E    - describe how the ISSO interfaces with law enforcement agencies;
              E    - describe how to contact and use assistance from LEI; and
              A    - improve effective coordination with LEI.


      (3)     Witness Interviewing/Interrogation

      
              E    - describe the proper procedures to follow when conducting a witness
                    interview;
              E    - identify who can conduct interrogations (investigative agencies only); and
              E    - assist appropriate authority in witness interviewing/interrogation.
              


      (4)     Entrapment
      
       
              E    - defin  e entrapment;
              I    - monitor entrapment techniques which are instituted for compliance with
                    policies and guidelines; and
              A    - design entrapment stratagems in coordination with appropriate
                    authorities.                       
              
              
      (5)     Disgruntled Employees
      
            
              E    - identify the proper procedures for handling disgruntled employees;
              E    - monitor handling of disgruntled employees in accordance with established
                    procedures; and
      
                     I    - design the procedures to handle disgruntled employees in coordination
                           with appropriate authorities.

      
             (6)     Civil/Criminal Penalties
       
              
                     E    - describe the possible civil/criminal penalties resulting from security
                           incidents.