An incident is defined as anything you observe to be suspicious use or misuse of State systems or assets.
Incidents are required to be reported.
Fill out the electronic Form 512 Security Incident Notification which will generate a ticket to Enterprise Security.
Please remember that any activity that you deem suspicious or problematic merits concern and should be reported.
Examples of what is could be deemed as suspicious use or misuse but not limited to:
- Access to or a use of a system or its data
- Changes to system hardware, firmware or software.
- Access to restricted areas.
- Acquisition, removal, or destruction of state assets.
- Unplanned disruption in services.
- Loss or theft of computer-related items such as: laptops, desktops, mobile storage devices (USB drives), smart phones, network equipment, backup tapes, etc.
- Exposure or loss of confidential or sensitive data containing information such as social security numbers, credit card numbers, health record information or other personally identifiable data
- You observe unusual behavior in the system logs. Upon further review you observe that many attempts to access the system have been made for multiple user ID’s from the same IP.
- You observe a fellow employee attempting to access a system using another user’s ID.
- When browsing a state web service you observe that the web page has been defaced.
- When browsing a state web service you observe that the web page you have visited has attempted to install suspicious software.
- Someone that you don’t know or without an ID badge tries to tailgate you in a restricted area.
- You have observed someone attempting to take some equipment off the premises. When a state system or service is not available.