In accordance with section 1(1)(b) of the Act, our response is
provided below:
Question 1
2008 - 8
2009 - 20
2010 - 34
Question 2
Lost Airwave Radio
Lost Encrypted CD
Stolen Router
Lost Warrant Card
Lost Mobile Data Terminal
Stolen Laptop
Lost/Stolen Encrypted Memory Stick
Lost Memory Stick
Lost Blackberry
Lost Mobile Phone
Misdirected Fax Transmission
Lost papers
Lost RSA Token
Question 3
Yes, 1. The lost encrypted CD was reported to the Information
Commissioner. The CD was found within 24 hours of the reporting of
the original loss.
Question 4
Reporting & Management of Security Incidents
OBJECTIVE
To ensure that there is a standard procedure for reporting any
information security incidents and that appropriate action is
consequently taken to prevent further damage arising from the
incident.
JUSTIFICATION
As the police service becomes more and more reliant on Information
Systems, the efficiency and speed with which security incidents are
dealt with will become highly important. A high level of response
will only be achieved if formal incident reporting mechanisms are
in place. As all incidents will be documented, the Force will have
the benefit of identifying the type and nature of security
incidents that the Force may be vulnerable to.
Definition of security incident
A security incident may be defined as an event, such as a
security breach, that could potentially undermine the
Confidentiality, Integrity or Availability of the information. This
list highlights the approved definition as set out in section 3.2.6
of the ACPO/ACPOS Community Security Policy which states that a
security incident is any suspected failure in information security,
namely:
a) accidental or deliberate destruction of information
b) accidental or deliberate modification of information
c) accidental or deliberate unauthorised disclosure of
information
d) accidentally or deliberately causing the unavailability of Force
Information Systems
e) unauthorised access to Force information systems
f) misuse of Force data or information
g) theft or loss of Force information assets
h) any other event which affects Force information security
Reporting of incidents
The Community Security Policy (CSP) requires that any incident
be reported, not just PNC related incidents. Therefore all security
incidents must initially be reported, via e-mail, to the Data
Protection Mailbox immediately. This communication should provide a
brief summary of the incident.
After notifying the Information Management Unit, a standard form
should be completed which details more fully the exact
circumstances of the security incident. This must be sent no later
than 72 hours after the initial e-mail.
All incidents relating to police information security will be
forwarded to the PITO Information Security Officer and also
highlighted at a future Information Security Group meeting. Urgent
incidents will be reported via WARPS; less urgent ones via the
'Slow Time Incident Reporting Procedure'. Where necessary, further
investigations will be made by the Information Management Unit in
order to identify the cause of the breach (e.g. procedural errors,
training needs) and to take preventative measures.
Procedure
1. Every individual who discovers a security breach must report it
to their line manager immediately. In the absence of the line
manager, the breach must be reported to another supervisor or
manager.
2. The line manager must inform the Data Protection Officer via
e-mail, as outlined above. They must then complete the reporting
form.
Serious Incident Management
All serious incidents must be classified and managed in line with
the attached guidance.