Incident Response

Don't Delay, Report It Today

At CORAS, we're working under the assumption that a cyber incident or information spill is inevitable, and we will need to respond sooner than later. That's why we have invested in regular security training, so we know what sensitive information looks like and what to do if there is a security incident.


This page is provided to help you to determine what to do where there is a security incident or a security breach leading to information spillage. Please do not try and handle an incident or spill situation on your own; critical steps may be missed.


Instead, use the protocols in the link below as a starting point for coordination and information escalation and sharing. All incidents must be treated with utmost confidentiality and our handling processes must be followed.


        • Under Federal law, security incidents that must be reported include (but are not limited to):
        • Attack, assault, or verbal altercation against an employee
        • Attempted entry to a facility with a prohibited weapon
        • Harassment of an employee
        • Damage or destruction to Government property
        • Found property (Government assets)
        • Possession (illegal) of a controlled substance
        • Loss or theft of building access card, building or room keys, legacy ID card, Government property or equipment, sensitive data
        • Workplace incident involving a disruptive/disgruntled employee (physical and/or verbal) or requiring minimal law enforcement
        • Inappropriate statements, including threats, to an employee
        • Employee injury incident on Government premises
        • Vehicle accidents on Government property (with or without injuries)
        • Loss or compromise of Classified Information (National Security Information)


Generally, if the circumstance feels like it may present a security issue, it probably does! It’s advisable to err on the side of caution by escalating the incident to CORAS' internal Computer Security Incident Response Team (CSIRT).


For more information and specific steps please see the Security Incident Reporting and Breach Notification Procedures document, loaded into the CORAS Teams site. You will need to authenticate to open the file using your Office 365 credentials.


Remember: government created or owned information must be safeguarded from unauthorized disclosure. They are trusting CORAS to protect this information and we are trusting you!