Are there instructions for completing the Information Security Incident Report?
Yes. Detailed instructions are provided on within the SIMM 5340-A – Incident Reporting and Response Instructions (PDF).
Additional details to report:
Any suspicious activity, behavioral characteristics, or unlawful activity, that may suggest involvement in terrorist activity should be reported immediately to a state entity’s Terrorism Liaison Officer, or the Sacramento Regional Terrorism Threat Assessment Center at 1-888-884-8383 or by email to firstname.lastname@example.org.
Suspicious activity may include the following:
1) unusual items in a vehicle or residence (e.g., extremist posters, weapons/explosives materials, altered identification documents);
2) the probing of security systems and first responder procedures (e.g., unplanned building evacuations due to “false alarms”); or
3) other signs of pre-operational terrorist planning and surveillance (e.g., requests for system documentation or other sensitive organizational information).
It is most helpful in pursuing tips and leads, if while observing the suspicious activity, information about the subject(s), vehicle(s), activity, or location is gathered and documented as much as possible. For example, the name and physical description of subject(s) and vehicle License Plate number(s) involved.