Department of Corrections and Rehabilitation - Operations Manual

Chapter 4 – Information Technology

Article 45 – Information Security

49020.12.1 Incident Report Format

  • The following information concerning each incident shall be reported to the ISO within three working days of becoming aware of the occurrence of the incident:

    • Date and time.

    • Location.

    • Description of what happened.

    • Estimated damages.

    • Description of corrective action taken or planned.

    • Estimated costs associated with corrective actions.

    • If known, identity of those responsible for the incident.

    • Descriptions of actions taken or planned against those responsible for the incident.

    • Contact name and phone number of the person reporting the incident.

  • The report submitted to the ISO shall be signed by the appropriate Warden, Regional Parole Administrator, Director, or Assistant Secretary.

  • Incidents involving the following shall be forwarded to the State Office of Information Services (OIS) within five business days of the initial report, and shall be signed by the AISO and Secretary or their authorized delegate:

    • CDCR-owned or CDCR-managed data, without authorization, was damaged, destroyed, deleted, shared, altered, or copied, or used for non-state business. This includes computer documentation and configuration information, as well as electronic and non-electronic data and reports.

    • Unauthorized parties accessed one or more CDCR computers, computer systems, or computer networks. This includes deliberate and unauthorized uses of CDCR-owned computer services, as well as “hacker attacks.”

    • Someone has accessed and without permission added, altered, damaged, deleted, or destroyed any computer programs which reside or exist internal or external to a CDCR computer, computer system, or computer network.

    • Disruption of CDCR computer services or denial of computer services occurred in a manner that appears to have been caused by deliberate and unauthorized acts.

    • A contaminant was introduced into a CDCR computer, computer system, or computer network. This includes, but is not limited to, viruses, Trojans, worms, and other types of malicious attacks.

    • Internet domain names and/or user account names have been used without permission in connection with the sending of one or more electronic mail messages, and thereby caused damage to a CDCR computer, computer system, or computer network, or misrepresented CDCR or CDCR employees in electronic communications.

    • Damage or destruction of CDCR information processing facilities has occurred.

    • Physical intrusions into CDCR facilities have occurred that may have resulted in the compromise of CDCR data or computer systems.

    • Lost, damaged, or stolen devices used for information processing.

  • The California Highway Patrol’s Emergency Notification and Tactical Alert Center (ENTAC) shall be notified of the occurrence of an incident within one day of receipt of the initial report. Incidents involving “Personally Identifiable Information” (PII) or “Personal Health Information” (PHI) involving more than 500 California Residents shall be reported to the Attorney General.