Strategic Security Intelligence

NSTSSI Security Education Standards



Copyright(c), 1995 - Management Analytics and Others - All Rights Reserved

8.    Report security incidents in accordance with agency-specific policy to the DAA when an IS
is compromised

      a.    Security Violations Reporting Process (incident response)
            E      - describe the process of responding to and reporting security incidents;
            E      - comply with agency specific/local directives when reporting to the DAA;
            I      - assist users and managers with incident response;
            I      - organize an incident response team;
            I      - report results of an incident response;
            A      - evaluate damage done by an incident; and
            A      - propose actions, changes, modifications to the INFOSEC program and practices
                    based upon an incident.
      b.    Security Investigation Procedures
            E      - describe the process of investigating security procedures;
            E      - follow the procedures;
            E      - identify the investigating authorities;
            E      - assist in investigations as requested;
            I      - monitor compliance with procedure;
            I      - explain the procedures to users and managers, the significance of the actions,
                    and the consequences for variations;
            I      - propose changes to procedures; and
            A      - design the investigation procedures with appropriate authorities.
      c.    Law
            (1)     Investigative Authorities
                    E    - identify the agencies and offices responsible for investigating security
                          incidents; and
                    I    - explain to users and managers the roles of various authorities.
            (2)     Law Enforcement Interfaces (LEI)
                    E    - describe how the ISSO interfaces with law enforcement agencies;
                    E    - describe how to contact and use assistance from LEI; and
                    A    - improve effective coordination with LEI.
            (3)     Witness Interviewing/Interrogation
                    E    - describe the proper procedures to follow when conducting a witness
                    E    - identify who can conduct interrogations (investigative agencies only); and
                    E    - assist appropriate authority in witness interviewing/interrogation.
            (4)     Entrapment
                    E    - define entrapment;
                    I    - monitor entrapment techniques which are instituted for compliance with
                          policies and guidelines; and
                    A    - design entrapment stratagems in coordination with appropriate
            (5)     Disgruntled Employees
                    E    - identify the proper procedures for handling disgruntled employees;
                    E    - monitor handling of disgruntled employees in accordance with established
                          procedures; and
                    I    - design the procedures to handle disgruntled employees in coordination
                          with appropriate authorities.
            (6)     Civil/Criminal Penalties
                    E    - describe the possible civil/criminal penalties resulting from security