Report a Security Concern or Incident


State Employees


We encourage you to report any activities that you feel meet the criteria for an incident. Our policy is to keep any information specific to your site confidential unless we receive your permission to release that information.

Definition of an Information System Security or Cyber Incident

The State of Colorado defines information system security or cyber incidents as any event violating State of Colorado security policy, standards, procedures, guidelines, processes or security best practice that may be detected as unexplained network or system behavior resulting in the loss of sensitive data or any instance where State of Colorado’s reputation might suffer.

State of Colorado segments these incidents into the following categories consistent with definitions published by the National Infrastructure Protection Center, (The Cybersecurity and Infrastructure Security Agency):

  • Increased access to informational assets
  • Unauthorized disclosure of information
  • Corruption of information
  • Denial of service
  • Theft of State of Colorado Information Technology (IT) and Telecommunications assets, services, or resources