Page 31 - Cyber Warnings
P. 31
Negligent
Somewhere between the previous categories is the negligent data spill that occurs when
a person acts unreasonably and causes an unauthorized disclosure.
This can happen through careless attention to detail or a reckless disregard for
procedures.
Whichever the category, the outcome is the same – protected data has become vulnerable by
sitting somewhere it should not.
Responding to a data spill
If an organization has respect for information technology and resources dedicated to IT security,
there will most likely be a reaction plan in place should a data spill occur.
Most frequently, a Facility Security Officer (FSO), Information Assurance Manager and IT
security personnel are all dedicated to the protection of data. It is their responsibility to mitigate
and investigate data spills.
An appropriate response to a data spill most often takes three phases:
Detection and reporting
If you discover a data spill, you must report it immediately and take no action yourself on
the data, including deletion or forwarding.
DoD contractors can report to the Original Classification Authority (OCA), Information
owner/originator, Information System Security Manager (ISSM), Activity Security
Manager, or Responsible Computer Incident Response Center.
For other industry reporting, contact the Facility Security Officer (FSO), the Information
Systems Security Manager (ISSM), or the Information Systems Security Officer (ISSO).
Risk assessment and containment
Repair can begin now that the spill has been noticed and the appropriate authorities
have been contacted. The authorities will tally the risks associated with the breach and
will seek guidance from the data owner.
Deletion or further spreading of the classified data is still prohibited during this phase,
and the systems involved in the spill are usually isolated for that purpose.
Clean up
Specific clean up procedures vary between the DoD and cleared defense contractors,
31 Cyber Warnings E-Magazine – July 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
