Do you believe you have been the victim of a cyber incident?
How would you know?
What defines a cyber incident?
The Department of Homeland Security’s US-CERT defines a incident as:
“an occurrence that – actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.”
In 2015, Congress passed the Cybersecurity Information Sharing Act that seeks to:
“…improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes.”
As part of this legislation, Congress authorized the formation of ISAOs – or Information and Sharing Analysis Organizations, which are communities of interest whose members voluntarily share cybersecurity information with each other. The NCSS is an ISAO for small business and is connected to other ISAOs in industries and regions across the United States.
As a NCSS member, your business is afforded protection from liability and litigation matters as long as the incident was reported to the federal government or an ISAO. The NCSS, as an ISAO, will report your incident anonymously to the Department of Homeland Security (DHS) to ensure your business is provided liability protection. Sharing incident data enhances prevention and protection activities for the whole community.
According to DHS guidance:
“…Cyber threat indications and defensive measures shared with the federal government under the Act shall not be used by any federal, state, tribal, or local government to regulate, including through an enforcement action, the lawful activity of any non-federal entity or any activity taken by a non-federal entity pursuant to mandatory standards, including an activity relating to monitoring, operating a defensive measure, or sharing a cyber threat indicator.”
Completion of this incident report conforms to guidance promulgated by DHS under the Automated Information Sharing program.