
IT Security Incident Reporting Form

Instructions: This form is to be completed as soon as possible following the detection or reporting of an Information Technology (IT) security incident. All items completed should be based on information that is currently available. This form may be updated and modified if necessary.

1. Contact Information for this Incident
Name:
Title:
Work Phone:
Mobile Phone:
Email address:
2. Incident Description
Provide a brief description:
3. Impact / Potential Impact
Check all of the following that apply to this incident.
__  Loss / Compromise of Data

__  Damage to Systems

__  System Downtime

__  Financial Loss

__  Other Company's Systems Affected

__  Damage to the Integrity or Delivery of Critical Services / Information

__  Violation of legislation / regulation

__  Unknown at this time

Provide a brief description:
4. Sensitivity of Data/Information Involved
Check all of the following that apply to this incident.
Sensitivity of Data
Category | Example
Public | This information has been specifically approved for public release by Marketing department managers. Unauthorized disclosure of this information will not cause problems for customers or business partners. Examples are marketing brochures. Disclosure of agency information to the public requires the existence of this label, the specific permission of the information Owner.
Internal Use Only | This information is intended for use within the Company, and in some cases within affiliated organizations, such as business partners. Unauthorized disclosure of this information to outsiders may be against laws and regulations, or may cause problems for the Company, its customers, or its business partners. This type of information is already widely distributed within the Company, or it could be so distributed within the organization without advance permission from the information owner. Examples are most internal electronic mail messages.
Restricted/Confidential (Privacy Violation) | This information is private or otherwise sensitive in nature and must be restricted to those with a legitimate business need for access. Unauthorized disclosure of this information to people without a business need for access may be against laws and regulations, or may cause significant problems for the Company, its customers, or its business partners. Decisions about the provision of access to this information must be cleared through the information owner. Examples are customer/transaction information, employee performance evaluation records, other.
Unknown/Other | Describe in the space provided
__  Public

__  Internal Use Only

__  Restricted / Confidential (Privacy violation)

__  Unknown / Other – please describe:

Provide a brief description of data that was compromised:

 

 

5. Who Else Has Been Notified?
Provide Person and Title:

 

6. What Steps Have Been Taken So Far?
Check all of the following that apply to this incident.
__  No action taken

__  System disconnected from network

__  Updated virus definitions & scanned system

__  Restored backup from tape

__  Log files examined (saved & secured)

__  Other – please describe:

Provide a brief description:
7. Incident Details
Date and Time the Incident was discovered:
Has the incident been resolved?
Physical location of affected system(s):
Approximate number of systems affected by the incident:
Approximate number of users affected by the incident:
Are other systems or business partners affected by the incident? (Y or N – if Yes, please describe)

Please provide any additional information that you feel is important but has not been provided elsewhere on this form.