Information Security FAQs
About the California Information Security Office
The incident reporting criteria used to only require the reporting of a loss or theft of state-owned Information Technology (IT) equipment valued at $2,000 or more, but the state policy now requires agencies to report any loss or theft of state-owned IT equipment or any electronic devices containing or storing personal, sensitive, or confidential data. Why did it change from the previous dollar threshold of $2,000?
The incident reporting criteria used to only require the reporting of information technology related security incidents, but now state agencies are expected to report those involving paper and other formats. What authority requires agencies to report security incidents involving paper and other formats and why is this necessary?
Business Security in Business Requirements
Information Asset Protection