State of Colorado characterizes information system security or cyber incidents as any event violating State of Colorado security policy, standards, procedures, guidelines, processes or security best practice that may be detected as unexplained network or system behavior resulting in the loss of sensitive data or any instance where State of Colorado’s reputation might suffer. State of Colorado segments these incidents into the following categories consistent with definitions published by the National Infrastructure Protection Center:
The OIT Information Security Operations Center (ISOC) is staffed to receive and disseminate timely information regarding network security vulnerabilities and threats in the State of Colorado. The ISOC will receive, analyze, and escalate reports to state agencies that their systems are being used to source or are being victimized by a threat vector.
The ISOC can be contacted at:
We encourage you to report any activities that you feel meet the criteria for an incident. Note that our policy is to keep any information specific to your site confidential unless we receive your permission to release that information.