Information Technology

Low


Low Risk of Terrorist Attacks

  1. Refine and exercise pre-planned Protective Measures.
  2. Regularly assess vulnerabilities of information technology infrastructure.
  3. Recommend and take mitigation and security measures for the information technology infrastructure.
  4. Have an emergency plan for IT operations.
  5. Ensure the IT plan identifies all business critical information and information systems (including applications and databases) and their operational importance.
  6. Ensure the IT plan identifies all points of access and their operational necessity.
  7. Conduct education and training for users, administrators, and management.
  8. Ensure an effective password management program is in place.
  9. Conduct periodic internal security reviews and external vulnerability assessments.
  10. Conduct normal auditing, review, and file back-up procedures.
  11. Ensure effective virus protection, scanning processes are in place.
  12. Confirm the existence of newly identified vulnerabilities and test and install patches as available.
  13. Periodically review and test higher Threat Alert Level actions and IT recovery plans.
  14. Maintain law enforcement liaison - e.g. local FBI, InfraGard, RCMP, etc.
  15. Submit PEIRS Report information to 911 Center.

Guarded


General Risk of Terrorist Attacks

Take all actions from previous levels, plus:
  1. Communicate work force awareness messages to be alert and who to report unusual cyber-activities to.
  2. Review security and operational plans and procedures and ensure they are up-to-date.
  3. Submit PEIRS Report information to 911 Center.

Elevated


Significant Risk of Terrorist Attacks

Take all actions from previous levels, plus:
  1. Alert key personnel of possible emergency duty.
  2. Review assignments and recall list with all personnel.
  3. Check readiness of all equipment, supplies, and facilities.
  4. Increase level of auditing, review and critical file back-up procedures.
  5. Conduct internal security review on all critical systems.
  6. Increase review of intrusion detection and firewall logs.
  7. Conduct more frequent checks of cyber security communications for software vulnerability.
  8. Identify additional business/ site specific measures as appropriate.
  9. Increase frequency of liaison with law enforcement agencies.
  10. Provide PEIRS Report information to the 911 center.


High

High Risk of Terrorist Attacks

Take all actions from previous levels, plus:
  1. Alert personnel of possible emergency duty.
  2. Place off-duty personnel on stand-by.
  3. Conduct immediate internal security review on all critical systems.
  4. Determine staffing availability for backup operations and provide notice.
  5. Consider increasing physical access restrictions to computer rooms, communications closets, and critical operations areas.
  6. Consider account access restrictions-temporarily disable non-critical accounts.
  7. Consider delaying scheduled, routine maintenance or non-security sensitive upgrades.
  8. Media releases should be reviewed with public information officer prior to release.
  9. Review plan for returning to a lower HSAS Alert level.
  10. Take additional business/ site specific measures as appropriate.
  11. Submit PEIRS Report information to the 911 center.


Severe

Severe Risk of Terrorist Attacks

Take all actions from previous levels, plus:
  1. Recall and mobilize crisis response team.
  2. Consider 27/7 staffing and operations.
  3. Be prepared to handle emergency information technology requests.
  4. Consider continuous 24/7 monitoring of intrusion detection and firewalls.
  5. Consider continuous 24/7 monitoring of cyber security communications for latest vulnerability information.
  6. Contact software vendors for status of software patches and updates.
  7. Consider reconfiguring information systems to minimize access points and increase security.
  8. Consider rerouting mission-critical communications through unaffected system.
  9. Consider disconnecting non-essential network access.
  10. Consider alternative modes of communication and disseminate new contact information, as appropriate.
  11. Consider activation of the company emergency management team/ procedures.
  12. Actively monitor communications with all appropriate law enforcement and cyber security agencies for two-way updates on threat status.
  13. Review plan for returning to a lower HSAS Threat level.
  14. Submit PEIRS Report information to the 911 center.