sirf guide
7/28/2019 Sirf Guide
NSTS SECURITY INCIDENT REPORTING SCHEME - GUIDELINES FOR USERS
Author: Sally Holman Version: 5 Authority: Alan Smith 22 September 2003
1 INTRODUCTION
2 This document provides an introduction to the procedure to be followed by users of the NSTS in reporting any security incidents. Note that the reporting of security incidents in relation to NHSnet is not covered by this document, as this is the subject of a separate procedure.
3 WHAT TYPE OF ACTIVITY SHOULD I REPORT ?
4 Any violation of the NSTS Security Policy and the related Access and Security Protocols. The range of potential security incidents is extremely broad and includes, but is not limited to, those incidents which have had or could have had a knock-on effect upon the disclosure, denial of access to, destruction or modification of NSTS data. In practice, an incident could relate to any facet of the NSTS Security Policy or Access and Security Protocols.
5 WHY SHOULD I REPORT A SECURITY INCIDENT ?
6 The NSTS Security Policy requires you to report any security incident.
7 The Schlumberger Sema Help Desk will provide a reliable, single point of contact for incident reporting, including security emergencies, relating to the NSTS. When you report an incident to Schlumberger Sema, they will be able to provide pointers to appropriate user or technical documents and offer suggestions on recovering the security of the NSTS. Thus, depending upon the nature of the incident you may receive technical assistance from Schlumberger Sema.
8 Schlumberger Sema will receive incident reports from throughout the NSTS user community. By reporting your incident, you allow Schlumberger Sema to relate incidents with similar characteristics, thereby helping them to identify and respond to any areas of vulnerability, or to identify any areas where greater user awareness is needed.
9 Your report will also allow better statistics on security incidents to be kept.
10 Finally, reporting any security incidents is part of being a responsible user of the NSTS.
11 WHO SHOULD I REPORT THE INCIDENT TO ?
12 Your Caldicott Guardian/Delegated Authority (or appointed local IM&T Security Manager)
13 It is recommended that you report any incidents which you think may affect the security of the NSTS to your Caldicott Guardian/Delegated Authority, or local IM&T Security Manager if this is deemed to be more appropriate.
14 Schlumberger Sema Help Desk
15 All security incidents should be reported to Schlumberger Sema through the Help Desk, who will log the call, categorise it and contact the Schlumberger Sema NSTS Security Manager.
16 NHS Number Programme Security Manager
17 The NNP Security Manager will automatically be copied on any reports you send to the Schlumberger Sema Help Desk.
18 WHAT SHOULD I INCLUDE IN MY SECURITY INCIDENT REPORT ?
19 Security Incident Reporting Form
20 When you report a security incident, it is important to ensure that you provide enough information for Schlumberger Sema to be able to understand and respond to your report. The NNP Security Manager and Schlumberger Sema NSTS Security Manager have jointly developed a Security Incident Reporting Form designed to help you in reporting a security incident. This form prompts you for all the information discussed below in an organised manner and is reproduced as an Annex to this document.
21 In order to ensure that users can report security related incidents in confidence, no information about a user organisation's involvement in a security incident will be released without their explicit permission.
22 Information about how to contact you
23 In order to ensure that Schlumberger Sema is able to contact you, please provide as much detailed contact information as you are willing to disclose. Apart from your e-mail address and telephone number, please supply, if possible, your address, mobile phone number, pager number, or other means of contacting you. It is also a good idea to provide an alternative contact at your site.
24 Description of incident
25 One of the most important parts of any security incident report is a description of the activities leading up to the security incident. Please provide as much information as possible about the circumstances prevailing at the time, including the facilities in use, how the incident came about, how it was detected etc.
26 Note, however, that you SHOULD NOT include in your report any information that would identify a specific patient or NSTS user.
22 September 2003 Page 2 of 6 Version 4
27 Aspects of the NSTS Security Policy violated
28 Whenever possible, you should try to relate the incident to those aspect(s) of the NSTS Security Policy and related NSTS Access and Security Protocols which you believe may have been compromised. This is best achieved by quoting the section name and paragraph numbers of these documents, which are maintained at the NSTS web site on http://www.connectingforhealth.nhs.uk/nsts.
29 Extracts of audit reports
30 Audit reports can be helpful in providing additional background to security incidents. Whenever possible, include these if they provide more detail than your description. Section(s) of reports not related to the reported security incident should be removed to help avoid confusion. You should also blank out any information on the report that would identify a specific patient or NSTS user.
31 Seriousness of the security incident
32 It is necessary to prioritise security incidents. Any major incidents, especially those relating to any unauthorised disclosure of information, will be considered emergencies. Although the description of the security incident can be very valuable in helping to prioritise a response, please take a few minutes to make your own judgement about the seriousness of the incident using the simple pro-forma provided.
33 HOW SHOULD I REPORT AN INCIDENT ?
34 You may report a security incident to the Schlumberger Sema Help Desk by:
(1) Telephone on 0121 788 4001;
(2) Fax. on 0161 601 7515.
35 In any event, you should submit a completed Security Incident Report form.
36 WHEN SHOULD I REPORT AN INCIDENT ?
37 The NSTS Security Policy requires that security incidents be reported as and when they occur. Reports sent very shortly after the incident are likely to be the most valuable, but even if there is a delay between an incident occurring and you discovering it, please send in your report.
NHS Strategic Tracing Service
Security Incident Report Form
(Please Read Covering Text Before Completing This Form)
Date and Time of Report:
Date and Time of Incident:
Contact Details:
Description of Incident:
Aspects of Security Policy Violated
Extracts of Audit Reports
Seriousness of Incident (Impact)
Type of Impact    Yes/No
Disclosure of Information
Denial of Access to Information
Destruction of Information
Modification of Information
Seriousness of Incident (Severity)
Severity Level    Types of Incident
2 Major Security Incident
    Media tape loss
    Personal information abused/disclosed
    Security vulnerability
    Small-scale data disclosure
    Widespread data disclosure
    Small-scale data corruption
    Widespread data corruption
3 Minor Security Incident
    Correspondence missing
    Incremental update late
    Login failure
    Possible vulnerability
    Session left unattended
    System-generated message
For NNP Security Manager and Schlumberger Sema NSTS Security Manager use only
Explanation for incident:
Date resolved:
How incident was resolved:
Action taken to prevent future incidents: