Language selection

Government of Canada / Gouvernement du Canada

Search

See It, Hear It, Suspect It – Reporting security incidents

February 3, 2026 - Defence Stories

security awareness
 

We often hear about improving our security culture — but did you know that simply reporting something you see, or suspect can make a real difference? Security incidents happen more often than they should in our large DND-CAF organization. Understanding the difference between a security violation and a breach can mean the difference between protecting sensitive information and compromising it.

 

But what does this mean exactly?

The infographic below breaks down common scenarios and highlights the different types of security incidents that can occur. It also provides guidance on which reporting channels to use to ensure incidents are contained and mitigated effectively.

By staying aware, we can reduce risks and prevent incidents before they happen.

Watch the video and review the key points in the infographic to see how

even small actions could trigger a breach and why every detail counts.

For more information on a variety of security topics, visit the Security Awareness Toolkit, available through the Director General Defence Security (DGDS) intranet page.

Video / February 03, 2026

Transcript

See It, Hear It, Suspect It — Report It!

Security threats don’t always start with outsiders — sometimes, they start with us.

Have you ever seen a SECRET document left out on a desk — only to be read by someone without clearance?

Or a PROTECTED B file shared in a large unit Teams chat — downloaded by people who didn’t need to see it?

Or a CAF member in uniform discussing deployment details in a coffee shop — overheard by strangers?

Security incidents happen more often than one would think — and even one small slip can have big consequences, putting DND/CAF information, services, and assets at risk.

If you see it, hear it, or suspect it — report it – immediately.

Report it either to:

  • Your Chain of Command
  • Your Unit Security Supervisor
  • Your Information System Security Officer
  • Area, Formation, or Local Help/Service Desk
  • Your local Military Police
 
See It, Hear It, Suspect It — Report It!
Infographic - Text version

See It, Hear It, Suspect It — Report It!

What is a security incident?

Any event, act or omission that could compromise DND/CAF, information, services or assets.

Let’s break it down:

Security incidents fall into two categories:

  1. Violation A rule is broken (deliberately or accidentally) but no sensitive information (Classified, Protected or assets) is compromised.
  2. Breach — is a violation of sensitive information that leads to actual or potential compromise (accessed or exposed).

This happens more than you think:

  • VIOLATION: An employee leaves a SECRET document on their desk in a High Security Zone (HSZ), and no one has seen it.

    Rules were broken, but information was not compromised.

    BREACH: An employee leaves a SECRET document on their desk in a HSZ. A colleague without the required clearance or need-to-know walks by and reads it.

    Information has been compromised.

  • VIOLATION: An employee uploads an unencrypted PROTECTED B document to SharePoint, but it’s removed before anyone views or downloads it.

    Rules were broken, but information was not compromised.

    BREACH: An employee posts a PROTECTED B document in a large unit group chat on Teams. It’s deleted later, but several colleagues without the need to know viewed and downloaded it.

    Information has been compromised – sharing PROTECTED B files on MS Teams is always prohibited.

  • VIOLATION: A CAF member discusses protected deployment information in a coffee shop while in uniform. No one overhears.

    Rules were broken, but information was not compromised.

    BREACH: A CAF member discusses protected deployment information in a coffee shop while in uniform. A nearby stranger without a clearance or need-to-know overhears.

    Information has been compromised.

If in doubt - take immediate mitigating actions (within your authority) to contain the incident and prevent further damage.

Report either to:

  • Your Chain of Command
  • Your Unit Security Supervisor (USS)
  • Your Information System Security Officer (ISSO)
  • Area, Formation, or Local Help/Service Desk
  • Your local Military Police

For more information:

Contact the Security Event Management (SEM/SIM) Section via DWAN, CSNI, or SPARTAN

National Defence Security Orders and Directives NDSOD — Chapter 12: Security Incident Management

Infographic [PDF - 6,544 KB]

Page details

2026-02-03