SlideShare a Scribd company logo

Incident report-final

M
MichaelRodriguesdosS1

This document is an information security incident report form that collects details about a security incident. It requests information such as the name of the person filing the report, date of the incident, systems impacted, type of incident which could include malware infection or unauthorized access, severity of the incident from negligible to impacting external networks, data compromised which could be sensitive data or PII, costs incurred to address the incident, remediation steps taken, and whether authorities need to be notified.

Technology
1 of 4
Download to read offline
1
2
3
4
Information Security Incident Report Form Name: Email address: Telephone/Mobile number: Date of report: Incident detection date: Has the incident been resolved (yes/no) Organization name and address: Incident Overview Location of incident (site) Nature of Incident (select all that apply) (a) Suspicious system and network activities (b) Compromise of sensitive information (c) Unauthorized access or attempts to access a system (d) Emails with suspicious attachments or links (e) Denial of service attacks (f) Suspected tampering of electronic devices (g) Malware infection • Cryptlocker • Coin miner • Remote access trojan • Credential harvesting malware • Botnet • Other malware (describe) (h) Reconnaissance (scanning/probing) (i) Social engineering (j) Account compromise Incident Severity (a) None/Negligible (suspicious activity only) (b) Minor (Impacts single computer, non-privileged account) (c) Moderate (Impacts part of the organization’s infrastructure) (d) High (impact’s organization’s entire infrastructure/privileged accounts) (e) Very High (has impact beyond the organization) How did the organization become aware of the incident? Provide a general description of the incident:
Incident Report Incident Impact (select all that apply) (a) Loss of access to services (b) Loss of productivity (c) Loss of reputation (d) Loss of revenue (e) Propagation to other networks (f) Unauthorized disclosure of data/information (g) Unauthorized modification of data/information (h) Unknown/Other (please describe) What steps were taken to investigate the nature and severity of the incident? What systems were impacted? • IP addresses of affected systems: • FQDN of affected systems: • Role of affected systems (Domain controller/DNS/DHCP/Web Server): • Operating systems of affected systems: • Patch level of affected systems: • Security software on affected systems: • Physical location of affected systems: • Additional details: Which applications were impacted? What unauthorized data access occurred? Which privileged user accounts were impacted?
Which unprivileged user accounts were impacted? Which third parties were impacted (Vendors/Contractors/Partners) Sensitivity of Compromised Data (select all that apply) (a) Confidential/Sensitive data (b) Non-sensitive data (c) Publicly available data (d) Financial data (e) Personally identifiable information (PII) (f) Intellectual property (g) Critical infrastructure/key resources (h) Other (describe) What would the consequences be of the data that was accessed in an unauthorized manner becoming public? What is the time frame of the incident? Suspected initial date/time of compromise: Detection date/time: Incident remediation date/time: How did the breach occur? (select all that apply) (a) DDoS (b) Malware (c) Misconfiguration (d) Phishing (e) Vulnerability exploit (f) Unknown Suspected perpetrators: (a) Insider (b) Former staff (c) Other (d) Unknown Estimated total cost incurred: (Cost to contain incident, restore systems, notify stakeholders) What steps have been taken to remediate the cause of and vulnerabilities related to the incident?
What additional controls should be in place to prevent the incident reoccurring? Do any authorities need to be notified about the details of the incident? Additional impact information:

More Related Content

PDF
MITRE ATT&CKcon 2018: ATT&CK as a Teacher, Travis Smith, Tripwire
MITRE - ATT&CKcon
 
PDF
Understanding Network Insight Integrations to Automate Containment and Kick S...
Core Security
 
PPTX
Introduction To Vulnerability Assessment & Penetration Testing
Raghav Bisht
 
PPTX
PIDS research slides from MALCON 2018 conference - Asaf Hecht
Asaf Hecht
 
PPTX
VAPT, Ethical Hacking and Laws in India by prashant mali
Adv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
 
PDF
Verizon Breach Investigation Report (VBIR).pdf
Priyanka Aash
 
PDF
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
WAJAHAT IQBAL
 
PPTX
information security awareness course
Abdul Manaf Vellakodath
 
MITRE ATT&CKcon 2018: ATT&CK as a Teacher, Travis Smith, Tripwire
MITRE - ATT&CKcon
 
Understanding Network Insight Integrations to Automate Containment and Kick S...
Core Security
 
Introduction To Vulnerability Assessment & Penetration Testing
Raghav Bisht
 
PIDS research slides from MALCON 2018 conference - Asaf Hecht
Asaf Hecht
 
VAPT, Ethical Hacking and Laws in India by prashant mali
Adv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
 
Verizon Breach Investigation Report (VBIR).pdf
Priyanka Aash
 
CYBERSECURITY - Best Practices,Concepts & Case Study (Mindmap)
WAJAHAT IQBAL
 
information security awareness course
Abdul Manaf Vellakodath
 

Similar to Incident report-final (20)

PDF
Why My E Identity Needs Protection
ecarrow
 
PPT
Ethical Hacking
Keith Brooks
 
PPTX
Cyber security for business
Daniel Thomas
 
ODP
Securing GIS data
Joachim Van der Auwera
 
PDF
Hacking and protecting yourself from hackers .
Preethi T G
 
PPTX
Using Big Data to Counteract Advanced Threats
Zivaro Inc
 
PDF
Pennington - Defending Against Targeted Ransomware with MITRE ATT&CK
Adam Pennington
 
PDF
Computer security
Mahesh Singh Madai
 
PDF
Security and Privacy.PDF
Chetanmalviya8
 
PDF
Unifica la seguridad de tus operaciones con la plataforma de Cortex XDR
Cristian Garcia G.
 
PPTX
Regan, Keller, SF State Securing the vendor mr&ak
DET/CHE Directors of Educational Technology - California in Higher Education
 
PPT
Lecture8 to identify the (Cyber Crime).ppt
engrkarimullah5806
 
PDF
distinguishing-threat-actors-vectors-and-intelligence-sources-slides.pdf
DoctorGarcia1
 
PDF
onlinesecurityandpaymentsystem-140116021418-phpapp01.pdf
jainutkarsh078
 
PPTX
Online security and payment system
Gc university faisalabad
 
PPTX
Threats to system power point 1
Rebecca Jones
 
PDF
CH1- Introduction to malware analysis-v2.pdf
WajdiElhamzi3
 
PDF
Incident handling is a clearly defined set of procedures to manage and respon...
Varun Mithran
 
PPTX
Intrusion Detection Systems Pedagogy.pptx
sowaibakhan3
 
PPTX
digitalforensicpptlatest28-230522192202-1d9b832e (1).pptx
MoshoodKareemOlawale
 
Why My E Identity Needs Protection
ecarrow
 
Ethical Hacking
Keith Brooks
 
Cyber security for business
Daniel Thomas
 
Securing GIS data
Joachim Van der Auwera
 
Hacking and protecting yourself from hackers .
Preethi T G
 
Using Big Data to Counteract Advanced Threats
Zivaro Inc
 
Pennington - Defending Against Targeted Ransomware with MITRE ATT&CK
Adam Pennington
 
Computer security
Mahesh Singh Madai
 
Security and Privacy.PDF
Chetanmalviya8
 
Unifica la seguridad de tus operaciones con la plataforma de Cortex XDR
Cristian Garcia G.
 
Regan, Keller, SF State Securing the vendor mr&ak
DET/CHE Directors of Educational Technology - California in Higher Education
 
Lecture8 to identify the (Cyber Crime).ppt
engrkarimullah5806
 
distinguishing-threat-actors-vectors-and-intelligence-sources-slides.pdf
DoctorGarcia1
 
onlinesecurityandpaymentsystem-140116021418-phpapp01.pdf
jainutkarsh078
 
Online security and payment system
Gc university faisalabad
 
Threats to system power point 1
Rebecca Jones
 
CH1- Introduction to malware analysis-v2.pdf
WajdiElhamzi3
 
Incident handling is a clearly defined set of procedures to manage and respon...
Varun Mithran
 
Intrusion Detection Systems Pedagogy.pptx
sowaibakhan3
 
digitalforensicpptlatest28-230522192202-1d9b832e (1).pptx
MoshoodKareemOlawale
 
Ad

More from MichaelRodriguesdosS1 (12)

PDF
Post naval thesis in cyber security
MichaelRodriguesdosS1
 
PDF
Ims16 thesis-knabl-v1.1
MichaelRodriguesdosS1
 
PDF
Convolutional Neural Networks
MichaelRodriguesdosS1
 
PDF
Bitcoin Crime Investigation
MichaelRodriguesdosS1
 
PDF
Malware Analysis
MichaelRodriguesdosS1
 
PDF
AWS Pentesting
MichaelRodriguesdosS1
 
PDF
Investigation in deep web
MichaelRodriguesdosS1
 
PDF
Incident report-final
MichaelRodriguesdosS1
 
PDF
Hipaa basics
MichaelRodriguesdosS1
 
PDF
Iot developer-survey-2019
MichaelRodriguesdosS1
 
PDF
Securing io t_with_aws
MichaelRodriguesdosS1
 
PDF
Incident Response
MichaelRodriguesdosS1
 
Post naval thesis in cyber security
MichaelRodriguesdosS1
 
Ims16 thesis-knabl-v1.1
MichaelRodriguesdosS1
 
Convolutional Neural Networks
MichaelRodriguesdosS1
 
Bitcoin Crime Investigation
MichaelRodriguesdosS1
 
Malware Analysis
MichaelRodriguesdosS1
 
AWS Pentesting
MichaelRodriguesdosS1
 
Investigation in deep web
MichaelRodriguesdosS1
 
Incident report-final
MichaelRodriguesdosS1
 
Hipaa basics
MichaelRodriguesdosS1
 
Iot developer-survey-2019
MichaelRodriguesdosS1
 
Securing io t_with_aws
MichaelRodriguesdosS1
 
Incident Response
MichaelRodriguesdosS1
 
Ad

Recently uploaded (20)

PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Teaching material agriculture food technology
LiaRayya
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Approach and Philosophy of On baking technology
30anthuong17
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 

Incident report-final

  • 1. Information Security Incident Report Form Name: Email address: Telephone/Mobile number: Date of report: Incident detection date: Has the incident been resolved (yes/no) Organization name and address: Incident Overview Location of incident (site) Nature of Incident (select all that apply) (a) Suspicious system and network activities (b) Compromise of sensitive information (c) Unauthorized access or attempts to access a system (d) Emails with suspicious attachments or links (e) Denial of service attacks (f) Suspected tampering of electronic devices (g) Malware infection • Cryptlocker • Coin miner • Remote access trojan • Credential harvesting malware • Botnet • Other malware (describe) (h) Reconnaissance (scanning/probing) (i) Social engineering (j) Account compromise Incident Severity (a) None/Negligible (suspicious activity only) (b) Minor (Impacts single computer, non-privileged account) (c) Moderate (Impacts part of the organization’s infrastructure) (d) High (impact’s organization’s entire infrastructure/privileged accounts) (e) Very High (has impact beyond the organization) How did the organization become aware of the incident? Provide a general description of the incident:
  • 2. Incident Report Incident Impact (select all that apply) (a) Loss of access to services (b) Loss of productivity (c) Loss of reputation (d) Loss of revenue (e) Propagation to other networks (f) Unauthorized disclosure of data/information (g) Unauthorized modification of data/information (h) Unknown/Other (please describe) What steps were taken to investigate the nature and severity of the incident? What systems were impacted? • IP addresses of affected systems: • FQDN of affected systems: • Role of affected systems (Domain controller/DNS/DHCP/Web Server): • Operating systems of affected systems: • Patch level of affected systems: • Security software on affected systems: • Physical location of affected systems: • Additional details: Which applications were impacted? What unauthorized data access occurred? Which privileged user accounts were impacted?
  • 3. Which unprivileged user accounts were impacted? Which third parties were impacted (Vendors/Contractors/Partners) Sensitivity of Compromised Data (select all that apply) (a) Confidential/Sensitive data (b) Non-sensitive data (c) Publicly available data (d) Financial data (e) Personally identifiable information (PII) (f) Intellectual property (g) Critical infrastructure/key resources (h) Other (describe) What would the consequences be of the data that was accessed in an unauthorized manner becoming public? What is the time frame of the incident? Suspected initial date/time of compromise: Detection date/time: Incident remediation date/time: How did the breach occur? (select all that apply) (a) DDoS (b) Malware (c) Misconfiguration (d) Phishing (e) Vulnerability exploit (f) Unknown Suspected perpetrators: (a) Insider (b) Former staff (c) Other (d) Unknown Estimated total cost incurred: (Cost to contain incident, restore systems, notify stakeholders) What steps have been taken to remediate the cause of and vulnerabilities related to the incident?
  • 4. What additional controls should be in place to prevent the incident reoccurring? Do any authorities need to be notified about the details of the incident? Additional impact information: