The Office of the ITS serves as the central coordination entity for reporting security incidents on the state's network. According to ITA Policy P4590 (Cybersecurity Incident and Breach Response Management and Reporting), agencies must establish an incident response capability within their organization, and must investigate and report their findings on incidents and breaches in accordance with policies and standards for reporting.
The Office of the ITS also serves as the primary contact for the national Multistate Information Sharing and Analysis Center (MS-ISAC). Incident reports provided by MS-ISAC on threats to the national or state infrastructure are forwarded to state agencies. Additionally, we provide weekly situational reports to the MS-ISAC on Idaho's current security posture.
If you have a security incident to report, immediately contact the Office of the ITS.
Cyber Security Incident
A cyber security incident is considered to be any adverse event that threatens the confidentiality, integrity, or accessibility of an agency's information resources. These events include, but are not limited to, the following:
- Attempts (either failed or successful) to gain unauthorized access to a system or its data
- Disruption or denial of service
- Unauthorized use of a system for the transmission, processing, or storage of data
- Changes to system hardware, firmware, or software without the agency's knowledge, instruction, or consent
- Attempts to cause failures in critical infrastructure services or loss of critical supervisory control and data acquisition (SCADA) systems
- Attempts to cause failures that might cause loss of life or significant impact on the health or economic security of the agency and/or state
- Probing of any nature that an agency or other authorized entity has not approved in advance for system security testing purposes
- Website defacements
- Virus or other malicious-ware outbreaks
Here is a guide on how to create a forensic copy of a PC. Click here to view.