Review of the Department of Justice’s Reporting Procedures for Loss of Sensitive Electronic Information
Evaluation and Inspections Report I-2007-005
June 2007
Office of the Inspector General
Category | Name | Description | Reporting timeframe |
---|---|---|---|
0 | Exercise/Network Defense Testing | This category is used during Department exercises activity testing of internal/external network defenses or responses. | As defined in the exercise requirements. |
1 | Unauthorized Access | In this category an individual gains logical or physical access without permission to a federal agency network, system, application, data, or other resource. | Within 1 hour of discovery/detection, followed by written report within 24 hours. |
2 | Denial of Service (DoS) | An attack that successfully prevents or impairs the normal authorized functionality of networks, systems or applications by exhausting resources. This activity includes being the victim or participating in the DoS. | Within 2 hours of discovery/detection if the successful attack is still ongoing and the agency is unable to successfully mitigate activity, followed by written report within 24 hours. |
3 | Malicious Code | Successful installation of malicious software (e.g., virus, worm, Trojan horse, or other code-based malicious entity) that infects an operating system or application. Components are NOT required to report malicious logic that has been successfully quarantined by antivirus software. | Daily. Note: Within 1 hour of discovery/detection if widespread across agency, followed by written report within 24 hours. |
4 | Improper Usage | A person violates acceptable computing use policies. | Weekly |
5 | Scans/Probes/Attempted Access | This category includes any activity that seeks to access or identify a Department computer, open ports, protocols, service, or any combination for later exploit. This activity does not directly result in a compromise or denial of service. | Monthly. Note: If system is classified, report within 1 hour of discovery. |
6 | Investigation | Unconfirmed incidents that are potentially malicious or anomalous activity deemed by the reporting entity to warrant further review. | Periodically as information is developed. This category is for each component’s use in categorizing a potential incident that is currently being investigated. |
7 | Spam | Commercial advertising, inappropriate content, or other non-phishing spam. | Monthly |