13-2 Information Security Incident Identification

Information security incidents are events, whether suspected or proven, deliberate or inadvertent, that threaten the integrity, availability, or confidentiality of information resources. The reporting of incidents enables the responsible organizations to review the security controls and procedures; establish additional, appropriate corrective measures, if required; and reduce the likelihood of recurrence. To protect the Postal Service computing environment, the manager, Corporate Information Security Office (CISO), may become involved at any point on any level for information security-related incidents impacting the Postal Service.

Reportable incidents include, but are not limited to, the following:

  1. Physical loss, theft, or unauthorized destruction of Postal Service information resources (e.g., missing or damaged hardware, software, or electronic media).
  2. Unauthorized disclosure, modification, misuse, or inappropriate disposal of Postal Service information.
  3. Internal or external unauthorized attempts to access information or the facility where the information resides.
  4. Unauthorized activity or transmissions using Postal Service information resources.
  5. Internal or external intrusions or interference with Postal Service networks (e.g., denial-of-service attacks, unauthorized activity on restricted systems, unauthorized modification or deletion of files, or unauthorized attempts to control information resources).
  6. Information resources with system software that is not patched to the current level.
  7. Information resources with virus protection software that is not patched to the current level or is disabled.
  8. Information resources with virus pattern recognition files that are not current.
  9. Sudden unavailability of files or data normally accessible.
  10. Unexpected processes (e.g., e-mail transmissions) that start without user input.
  11. Files being modified when no changes in the files should have occurred.
  12. Files appearing, disappearing, or undergoing significant and unexpected changes in size.
  13. Systems displaying strange messages or mislabeled files or directories.
  14. Systems becoming slow, unstable, or inaccessible (e.g., will not boot properly).
  15. Data altered or destroyed or access denied outside of normal business procedures.
  16. Detection of unauthorized personnel in controlled information security areas.
  17. Security violation, suspicious actions, or suspicion or occurrence of embezzlement or other fraudulent activities.
  18. Suspected bribery, kickbacks, and conflicts of interest.
  19. Revenue loss involving an information system.
  20. Prohibited mass electronic mailings.
  21. Potentially dangerous activities or conditions.
  22. Illegal activities.
  23. Violation of Postal Service information security policies and procedures.
  24. Identity theft.
  25. Detection of unauthorized wireless access points.