| 1. Contact | |
|---|---|
| Full name | |
| Job title | |
| Division or office | |
| Work phone | |
| Mobile phone | |
| Email address | |
| Additional contact information: | |
| 2. Issue (check all that apply) | |
|---|---|
| Account Compromise (lost password, suspicious account behavior, …) | Social Engineering (phishing, scams) |
| Denial-of-Service (including distributed) | Technical Vulnerability |
| Malware (virus, worm, trojan, crypto, …) | Theft/Loss of equipment or media |
| Misuse of Systems (acceptable use) | Unauthorized Access (cloud, systems, applications, storage, devices) |
| Reconnaissance (scanning, probing) | Data Exposure (public access, public share, breach of sensitive data) |
| Open Port | Misconfigurations (exposed secrets, default passwords, risky settings, …) |
| Description of incident: | |
| 3. Severity and Scope (check all that apply) | |
|---|---|
| Critical (affects system-wide information resources) | |
| High (entire network, cloud, or critical business systems) | |
| Medium (affects infrastructure, network, cloud, servers, or admin accounts) | |
| Low (only affects workstations or user accounts) | |
| Unknown/Other (please describe below) | |
| NOTE: All incidents deemed critical or high require additional notification by phone | |
| Estimated quantity of assets affected | |
| Estimated quantity of users affected | |
| Third parties involved or affected (vendors, contractors, partners) | |
| Additional information: | |
| 4. Impact (check all that apply) | |
|---|---|
| Loss of Access to Services | Propagation (other regions, segments, assets, partners, customers, …) |
| Loss of Productivity | Unauthorized Disclosure of Information |
| Loss of Reputation | Unauthorized Modification of Information |
| Loss of Revenue | Unknown/Other (please describe below) |
| Additional Impact Information: | |
| 5. Sensitivity of Affected Data/Information (check all that apply) | |
|---|---|
| Critical Information | Personally Identifiable Information (PII) |
| Non-Critical Information | Intellectual/Copyrighted Information |
| Publicly Available Information | Secrets (critical infrastructure/key resources) |
| Financial Information | Protected Healthcare Information (PHI) |
| Payment Card Information (PCI) | Unknown/Other (please describe below) |
| Data encrypted? | |
| Location of data (bucket/blob, file, queue, attached volume, persistent volume, network segment) | |
| Quantity of data affected (number of records, files, accounts, locations, assets, …) | |
| Additional affected data information: | |
| 6. Systems Affected (provide as much detail as possible) | |
|---|---|
| Attack Sources (IP address, port, …) | |
| Attack Destinations (IP address, port, …) | |
| IP Addresses | |
| Domain Names | |
| Primary Functions of Affected Systems (web server, domain controller, …) | |
| Operating Systems of Affected Systems (version, service pack, configuration, …) | |
| Patch Level of Affected Systems (latest patches loaded, hotfixes, …) | |
| Security Software on Affected Systems (anti-malware, firewall, versions, date of latest update, …) | |
| Affected Systems/Assets (cloud platform, region, account, security group, asset ID, …) | |
| Additional System Details: | |
| 7. Users Affected (provide as much detail as possible) | |
|---|---|
| Names and Job Titles | |
| System Access Levels or Rights of Affected Users (e.g., regular user, domain administrator, root) | |
| Additional User Details: | |
| 8. Timeline (provide as much detail as possible) | |
|---|---|
| Date and time when security officer first detected, discovered, or was notified about the incident | |
| Date and time when the actual incident occurred (estimate if exact date and time unknown) | |
| Date and time when the incident was contained or when all affected systems were restored (use most recent date and time) | |
| Elapsed time between when the incident occurred and when it was discovered | |
| Elapsed time between when the incident was discovered and when it was contained or all affected systems were restored | |
| Detailed Incident Timeline: | |
| 9. Remediation (provide as much detail as possible) | |
|---|---|
| Actions taken to identify affected resources | |
| Actions taken to remediate incident | |
| Actions planned to prevent similar future incidents | |
| Additional Remediation Details: | |
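The form above as a machine-readable record, added here as an example and not part of the original form: the severity names and the phone-notification rule are taken from section 3 and the two elapsed-time fields from section 8, while the `IncidentReport` class, its field names, the `sample_report` helper and its timestamps are assumptions made for illustration.

```python
# Added example (not from the original form): a minimal model of the incident
# report with the consistency checks a triage desk would run before accepting it.
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

SEVERITIES = ("Critical", "High", "Medium", "Low", "Unknown/Other")  # section 3
PHONE_REQUIRED = {"Critical", "High"}  # section 3 NOTE: phone notification


@dataclass
class IncidentReport:
    reporter_email: str
    issues: set           # section 2 checkboxes, e.g. {"Malware"}
    severity: str         # one of SEVERITIES
    detected_at: datetime                     # section 8: first detected/notified
    occurred_at: Optional[datetime] = None    # section 8: estimate if unknown
    contained_at: Optional[datetime] = None   # section 8: most recent restore
    phone_notified: bool = False              # assumed field for the section 3 rule

    def requires_phone_notification(self) -> bool:
        return self.severity in PHONE_REQUIRED

    def time_to_detect(self) -> Optional[timedelta]:
        # Section 8: elapsed time between occurrence and discovery
        return None if self.occurred_at is None else self.detected_at - self.occurred_at

    def time_to_contain(self) -> Optional[timedelta]:
        # Section 8: elapsed time between discovery and containment/restore
        return None if self.contained_at is None else self.contained_at - self.detected_at

    def validate(self) -> list:
        """Problems that make the report incomplete or internally inconsistent."""
        problems = []
        if self.severity not in SEVERITIES:
            problems.append(f"unknown severity {self.severity!r}")
        if not self.issues:
            problems.append("at least one issue type must be checked")
        if self.requires_phone_notification() and not self.phone_notified:
            problems.append("critical/high incidents require notification by phone")
        if self.occurred_at is not None and self.occurred_at > self.detected_at:
            problems.append("occurrence time is after detection time")
        if self.contained_at is not None and self.contained_at < self.detected_at:
            problems.append("containment time is before detection time")
        return problems


def sample_report() -> IncidentReport:
    # Constructed sample values, not real incident data.
    return IncidentReport("reporter@example.invalid", {"Malware"}, "High",
                          detected_at=datetime(2024, 3, 2, 9, 30),
                          occurred_at=datetime(2024, 3, 1, 8, 0),
                          contained_at=datetime(2024, 3, 2, 15, 30))
```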