The Office of the ITS serves as the central coordination entity for security incidents on the state's network. According to ITA Information Technology Policy P4510, Cyber Security Incident Reporting, agencies must report actual or suspected cyber security incidents to the Statewide Cyber Security Incident Response Team, led by the Office of the ITS Cyber Security Team. This team will assist in incident analysis and response activities. Efforts to broaden this team through partnerships with other agencies is currently underway.
The Office of the ITS also serves as the primary contact for the national Multistate Information Sharing and Analysis Center (MS-ISAC). Incident reports provided by MS-ISAC on threats to the national or state infrastructure are forwarded to state agencies. Additionally, we provide weekly situational reports to the MS-ISAC on Idaho's current security posture.
If you have a security incident to report, immediately contact the Office of the ITS.
Cyber Security Incident
A cyber security incident is considered to be any adverse event that threatens the confidentiality, integrity, or accessibility of an agency's information resources. These events include, but are not limited to, the following:
- attempts (either failed or successful) to gain unauthorized access to a system or its data
- disruption or denial of service
- unauthorized use of a system for the transmission, processing, or storage of data
- changes to system hardware, firmware, or software without the agency's knowledge, instruction, or consent
- attempts to cause failures in critical infrastructure services or loss of critical supervisory control and data acquisition (SCADA) systems
- attempts to cause failures that might cause loss of life or significant impact on the health or economic security of the agency and/or state
- probing of any nature that an agency or other authorized entity has not approved in advance for system security testing purposes
- website defacements
- virus or other malicious-ware outbreaks
Here is a guide on how to create a forensic copy of a PC. Click here to view.