Definition of an Information System Security or Cyber Incident
(As defined by the Governor's Office of Information Technology - OIT)
State of Colorado characterizes information system security or cyber incidents as any event violating State of Colorado security policy, standards, procedures, guidelines, processes or security best practice that may be detected as unexplained network or system behavior resulting in the loss of sensitive data or any instance where State of Colorado’s reputation might suffer. State of Colorado segments these incidents into the following categories consistent with definitions published by the National Infrastructure Protection Center:
- Increased access to informational assets;
- Unauthorized disclosure of information;
- Corruption of information;
- Denial of Service;
- Theft of State of Colorado Information Technology (IT) and Telecommunications assets, services, or resources
Reporting a Cyber Incident
The OCS Information Security Operations Center (ISOC) is staffed to receive and disseminate timely information regarding network security vulnerabilities and threats in the State of Colorado. The ISOC will receive, analyze, and escalate reports to State agencies that their systems are being used to source or are being victimized by a threat vector.
The Colorado Department of Higher Education will act as a communicator between the Colorado Office of Information Technology and the institutions of higher education regarding incident reporting.
For Institution Security Personnel, if an incident has occurred at your institution, please complete the following form and submit to CDHE.
Information System Security
For more information on Colorado Information Security, visit OIT's website.
OIT Resources include:
- Information Security Policies (click here)
- Information Security Standards (click here)
- Information Security Resources (click here)
- Cyber Security Help & Tips (click here)
- Cyber Security Toolkit (click here)