DHS Details Cyber Incident Reporting Process

US-Homeland-SecurityThe U.S. Department of Homeland Security (DHS) has published guidelines on when, how and to which government agency US organizations should report cyber incidents. This follows last week’s release of Presidential Policy Directive 41 (PPD-41) on United States Cyber Incident Coordination — which specifically requires the DHS to ‘maintain and update’ such a fact sheet.

The fact sheet (PDF) makes no mention of PPD-41’s Incident Severity Schema. That schema defined six levels (0-5) that provide a common framework for evaluating incident severity; and according to PPD-41, government agencies should get involved from level 3 upwards.

The DHS guidelines first define a cyber incident (“an event that could jeopardize the confidentiality, integrity, or availability of digital information or information systems”), and then define whether the severity of the incident warrants reporting. “Victims,” it explains, “are encouraged to report all cyber incidents that result in significant loss; impact a large number of victims; indicate a compromise of critical IT systems; affect the critical infrastructure; or impact national security, economic security, or public health and safety. Fundamentally, it remains a value judgment by the affected organization.

Read more at
http://www.securityweek.com/dhs-details-cyber-incident-reporting-process