SECURITY INCIDENT RESPONSE (SHORT FORM)
The following is a sample incident report. The report is an example of the types of information and incident details that will be used to track and report security incidents for CSU. The format of this report is subject to change as reporting standards and capabilities are further developed.

Contact Information and Incident
Last Name:
First Name:
Job Title:
Phone:
Alt Phone:
Mobile:
Pager:
Email:
Fax:

Incident General Information
Incident #:
Source of Incident: External / Internal
Date/Time of Incident Occurred:
Date/Time of Incident Detected:
Campus/Site:
Impact Category: Campus Only
Type of Incident: Malware
Severity Level: Low
Confidential/Personal Identifiable Information Affected? Yes / No
Systems and Services Impacted: [Affected systems and services]

Incident Summary
Comments:
Example: Received numerous reports of Trojan distribution email. The mail messages contained a link to angelfire.com. This site contained pages with code to exploit a recent vulnerability in IE 6. Accessing the pages forced a download of a SubSeven variant. Approximately 20 employees were affected.

Incident Mitigation
Comments:
Example: Desktop malware detection signatures updated and deployed. Angelfire website has been taken offline and blocked at network egress points.

Recommendation
Comments:
[Follow-on actions recommended to be taken, if any.]

Additional Comments/Notes
Comments:
[Any additional notes, information or observations related to the security incident or this report.]

File=secincidentrespshortform.doc
(Confidential)
[Rev: Mar-05]