The following is a short process and statement designed to be issued to general staff. Awareness is a key component of any successful security program, and having users know when and how to report security breaches is critical to the continued secure operation of a site.
Some breaches, such as stealing, willful damage and breaking statutory regulations, are considered criminal offences. Copying of proprietary software is also a criminal offence, as has been shown in some well-documented cases where companies and individuals have been taken to court by the BSA.
- Other breaches of security may not be criminal offences but could embarrass the organization.
- Breaches of security could result in suspension or even dismissal.
- Breaches of security, whether deliberate or accidental, can affect all of us at the organization.
The handling of security breaches is very important and the following points should be considered:
It is the responsibility of all users to report any suspected breaches of security to management and the security function of the organization. This is of particular importance if you suspect the breach may have occurred through the improper use of your own USERID. If you have experienced a compromise, you need to be upfront about it or you could be in trouble later.
Do not discuss suspected breaches with anyone other than your immediate manager and corporate Security and Control, even though you may be tempted. This is for your own protection and to guard against any possible recriminations, whether the suspicion is proven or turns out to be unfounded. This point cannot be overemphasized.
Do not attempt to solve the problem or pursue any further investigations yourself. This is the responsibility of user management and Internal Audit with assistance from IT.
Any reported suspected breach will be treated in the utmost confidence and will proceed no further if proved to be unfounded.
Details to be reported
When reporting a suspected security breach, include the following in the report:
- USERID and owner name, location, section and department of the person reporting the breach.
- Name and USERID of the person suspected of committing the breach (if available and known).
- Details including systems time and possible evidence, e.g. logs, transaction reports, etc.
- Outcome or possible outcome of the breach. These are the consequences as you know them.
Retain any documentation relating to the breach, copy it and forward it to your security contact. If possible, the documentation should be delivered in person.
Accidental breaches should be communicated to your immediate management and the security group immediately to relieve any unwarranted suspicion and to save valuable time in tracing the source of the breach.