NSTSSI Security Education Standards
8. Report security incidents in accordance with agency-specific policy to the DAA when an IS is compromised

a. Security Violations Reporting Process (incident response)
   E - describe the process of responding and reporting of security incidents;
   E - comply with agency specific/local directives when reporting to the DAA;
   I - assist users and managers with incident response;
   I - organize an incident response team;
   I - report results of an incident response;
   A - evaluate damage done by an incident; and
   A - propose actions, changes, modifications to the INFOSEC program and practices based upon an incident.

b. Security Investigation Procedures
   E - describe the process of investigating security procedures;
   E - follow the procedures;
   E - identify the investigating authorities;
   E - assist in investigations as requested;
   I - monitor compliance with procedure;
   I - explain the procedures to users and managers, the significance of the actions, and the consequences for variations;
   I - propose changes to procedures; and
   A - design the investigation procedures with appropriate authorities.

c. Law

   (1) Investigative Authorities
       E - identify the agencies and offices responsible for investigating security incidents; and
       I - explain to users and managers the roles of various authorities.

   (2) Law Enforcement Interfaces (LEI)
       E - describe how the ISSO interfaces with law enforcement agencies;
       E - describe how to contact and use assistance from LEI; and
       A - improve effective coordination with LEI.

   (3) Witness Interviewing/Interrogation
       E - describe the proper procedures to follow when conducting a witness interview;
       E - identify who can conduct interrogations (investigative agencies only); and
       E - assist appropriate authority in witness interviewing/interrogation.

   (4) Entrapment
       E - define entrapment;
       I - monitor entrapment techniques which are instituted for compliance with policies and guidelines; and
       A - design entrapment stratagems in coordination with appropriate authorities.

   (5) Disgruntled Employees
       E - identify the proper procedures for handling disgruntled employees;
       E - monitor handling of disgruntled employees in accordance with established procedures; and
       I - design the procedures to handle disgruntled employees in coordination with appropriate authorities.

   (6) Civil/Criminal Penalties
       E - describe the possible civil/criminal penalties resulting from security incidents.