Student Guide Shrt: Security Incidents Reprting Requirements Objective Estimated cmpletin time Identify the apprpriate reprting requirements t fllw in the event f a security incident. 10 minutes Reprting a Security Incident It began as anther rdinary day at the ffice. Tm grabbed a cup f cffee and gt t wrk. As he printed ut the latest prject reprt, he discvered a classified dcument sitting n the printer. Lks like it wasn t ging t be such an rdinary day after all. What is the first thing Tm shuld d abut the Secret dcument n the printer tray? Select the best respnse. Ntify the head f his lcal activity. Ntify the activity security manager. Take cntrl f the dcument. Additinal Reprting Cnsideratins In additin t finding classified material ut f prper cntrl, any knwn lss r ptential cmprmise f classified infrmatin shuld be reprted t the head f the lcal activity and t the activity security manager. But what if these individuals are believed t be invlved in r respnsible fr the incident? Wh shuld yu reprt a security incident t if yu suspect the security authrities f yur activity are invlved r respnsible? Select the best respnse(s). Ntify the security authrities at the next higher level f cmmand/supervisin. Ntify cmmanding fficer r security manager at the mst readily available DD facility. Ntify yur activities security authrities regardless f wh is invlved. Security Incidents Reprting Requirements Page 1
After an Incident Reprt Having secured the classified dcuments, Tm immediately ntifies the prper security fficials. Tm s security manager, Jane, thanks him fr bringing the incident t her attentin and indicates that she will be initiating an inquiry t identify the facts, the causes, and the persn respnsible in rder t determine if the incident is an infractin r a vilatin. Inquiry An inquiry int an incident determines if classified infrmatin is unaccunted fr r if unauthrized persnnel had, r culd have had, access t the infrmatin. In additin t identifying the facts and type f incident, an inquiry includes recmmendatins abut the crrective actins t be taken. Infractin The classificatin f a security incident as an infractin means that there was a failure t cmply with requirements where there is n lss, cmprmise r ptential fr cmprmise. Nn-cmpliance The classificatin f a security incident as a vilatin indicates a knwing and willful negligence fr security regulatins that resulted in, r culd be expected t result in, a lss, cmprmise r ptential cmprmise f classified infrmatin. In such a case, an inquiry must be cnducted in rder t prvide an in-depth and cmprehensive examinatin f the matter. Significant Cnsequences The initial inquiry revealed that the classified dcument was missing sme pages. The dcument cntained infrmatin cncerning a Secret defense technlgy which will likely cause an adverse effect t natinal security. What needs t happen nw? Security Incidents Reprting Requirements Page 2
What s the next step cncerning the lss f classified infrmatin related t a defense technlgy? Select the best respnse. Cnfer with the head f the lcal activity in rder t identify recmmendatins fr crrective actins t implement. Cmplete the required Security Incident Reprt and ntify the next higher level f cmmand/supervisin. Reprt the vilatin t the Directr f Security at the OUSD(I) Reprting Requirements fr the Directr f Security, OUSD(I) Any incident that results in, r may result in, significant cnsequences r may becme public must be prmptly reprted t the Directr f Security at the Office f the Under Secretary f Defense fr Intelligence, r OUSD(I). A preliminary reprt shuld be included especially if the incident culd becme public. Incidents that require reprting include any egregius security incident as determined by the DD Cmpnent senir agency fficial r vilatins: Invlving espinage Resulting in an unauthrized disclsure f classified infrmatin t the public media Invlving disclsure that: Is reprted t a Cngressinal versight cmmittee May attract significant public attentin Invlves large amunts f classified infrmatin Reveals a ptential systemic weakness in plicy r practices Invlving the creatin r cntinuatin f a SAP cntrary t regulatin requirements and natinal plicies Relating t any defense peratin, system, r technlgy that is likely t cause significant harm r damage t natinal security Security Incidents Reprting Requirements Page 3
Summary Reprting ensures that the versights that led t security incidents are crrected. As such, reprts need t be available fr inspectin, analysis, review, and/r investigatin. T assist in ding this, reprts need t be filed using the Security Incident Reprt mdule f the Operatins Security Cllabratin Architecture, r OSCAR. Dependent n the nature f the incident, there may be additinal reprting requirements t cnsider. When it cmes t reprting a security incident, the mst imprtant thing t remember is the immediacy f the situatin. By reprting incidents t the prper fficials in a timely manner, yu help t ensure the integrity f natinal security. Security Incidents Reprting Requirements Page 4
Answer Key What is the first thing Tm shuld d abut the Secret dcument n the printer tray? Select the best respnse. Take cntrl f the dcument. Wh shuld yu reprt a security incident t if yu suspect the security authrities f yur activity are invlved r respnsible? Select the best respnse(s). Ntify the security authrities at the next higher level f cmmand/supervisin. Ntify cmmanding fficer r security manager at the mst readily available DD facility. What s the next step cncerning the lss f classified infrmatin related t a defense technlgy? Select the best respnse. Reprt the vilatin t the Directr f Security at the OUSD(I) Security Incidents Reprting Requirements Page 5