This document defines an Information Security Incident and the procedure to report an incident.
This document applies to all Councillors, committees, working parties, employees of the Council, contractual third parties and agents of the Council who have access to Information Systems or information used for Temple Cloud with Cameley Parish Council purposes.
An information security incident occurs when data or information is transferred or is at risk of being transferred to somebody who is not entitled to receive it, or data is at risk from corruption.
4 An Information Security Incident includes:
- The loss or theft of data or information
- The transfer of data or information to those who are not entitled to receive that information
- Attempts (either failed or successful) to gain unauthorised access to data or information storage or a computer system
- Changes to information or data or system hardware, firmware, or software characteristics without the council’s knowledge, instruction, or consent
- Unwanted disruption or denial of service to a system
- The unauthorised use of a system for the processing or storage of data by any person.
5 When to report
All events that result in the actual or potential loss of data, breaches of confidentiality, unauthorised access or changes to systems should be reported as soon as they happen.
6 Action on becoming aware of the incident
Follow the information security procedure, according to the type of incident.
7 How to report
Report to the Data Protection Officer.
The Data Protection Officer will require you to supply further information, the nature of which will depend upon the nature of the incident. However, the following information must be supplied:
- Contact name and number of person reporting the incident
- The type of data or information involved
- Whether the loss of the data puts any person or other data at risk
- Location of the incident
- Inventory numbers of any equipment affected
- Date and time the security incident occurred
- Location of data or equipment affected
- Type and circumstances of the incident.
8 What to Report
All Information Security Incidents must be reported.
9 Examples of Information Security / Misuse Incident Protocols
Information Security Incidents are not limited to this list, which contains examples of some of the most common incidents.
9.a. Malicious Incident
- Computer infected by a virus or other malware (for example spyware or adware)
- An unauthorised person changing data
- Receiving and forwarding chain letters – including virus warnings, scam warnings and other emails which encourage the recipient to forward them on to others.
- Social engineering – Unknown people asking for information which could gain them access to council data (e.g. a password or details of a third party).
- Unauthorised disclosure of information electronically, in paper form or verbally.
- Falsification of records, inappropriate destruction of records
- Denial of Service, for example
- Damage or interruption to Temple Cloud with Cameley Parish Council equipment or services caused deliberately e.g. computer vandalism
- Connecting non-council equipment to the council network
- Unauthorised information access or use
- Giving information to someone who should not have access to it – verbally, in writing or electronically
- Printing or copying confidential information and not storing it correctly or confidentially.
9.b. Access Violation
- Disclosure of logins to unauthorised people
- Disclosure of passwords to unauthorised people e.g. writing down your password and leaving it on display
- Accessing systems using someone else’s authorisation e.g. someone else’s user id and password
- Inappropriately sharing security devices such as access tokens
- Other compromise of user identity e.g. access to network or specific system by unauthorised person
- Allowing unauthorised physical access to secure premises e.g. server room, scanning facility, dept area.
- Loss of integrity of the data within systems and transferred between systems
- Damage caused by natural disasters e.g. fire, burst pipes, lightning etc.
- Deterioration of paper records
- Deterioration of backup tapes
- Introduction of unauthorised or untested software
- Information leakage due to software errors.
9.d. Inappropriate use
- Accessing inappropriate material on the internet
- Sending inappropriate emails
- Personal use of services and equipment in work time
- Using unlicensed software
- Misuse of facilities, e.g. phoning premium line numbers.
9.e. Theft / loss Incident
- Theft / loss of data – written or electronically held
- Theft / loss of any Temple Cloud with Cameley Parish Council equipment including computers, monitors, mobile phones, memory sticks, CDs.
9.f. Accidental Incident
- Sending an email containing sensitive information to ‘all staff’ by mistake
- Receiving unsolicited mail of an offensive nature, e.g. containing pornographic, obscene, racist, sexist, grossly offensive or violent material
- Receiving unsolicited mail which requires you to enter personal data.
- Receiving unauthorised information
- Sending information to wrong recipient.
Serious incidents will be escalated via the national WARP scheme if determined to be of national value.