Security Incident Report


(1) IR security incidents will be reported by the person observing or discovering the occurrence to the Division IO. The Division IO is responsible for recording and reporting security incidents to the CIO for tracking and reconciliation of the suspected incident. Suspected IR security incidents will be reported to the CIO within 1 hour of the occurrence.
(2) IR security incidents shall be recorded on a security incident report form. The following minimum information about a security violation or incident shall be entered on the IR security violation/incident form:
(a) Location of incident and organization filing report;__________________________________________________
__________________________________________________________________________________________
(b) Reported by (Name, Title and Organization);_____________________________________________________
__________________________________________________________________________________________
(c) Date and time of report filing;_________________________________________________________________
__________________________________________________________________________________________
(d) Date and time of incident; ___________________________________________________________________
__________________________________________________________________________________________
(e) Details of incident (include names of personnel involved and description of the who, what, when, where, how, and why);_____________________________________________________________________________________
_________________________________________________________________________________________
(f) The name and title of the person to whom the incident was initially reported;____________________________
_________________________________________________________________________________________
(g) Identification of whether the Inspector General or appropriate law enforcement organization has been notified;____
_________________________________________________________________________________________
(h) Incident impact on day-to-day operations;_______________________________________________________
_________________________________________________________________________________________
(i) Action taken to contain the incident and resources required to correct the incident (in cases of system outage note what vendors have been contacted);____________________________________________________________
_______________________________________________________________________________________
(j) Short-range corrective action, such as discontinuing the use of an infected computer diskette or immediately removing a terminated employee's access privileges;___________________________________________________________
_________________________________________________________________________________________
(k) Long-range corrective actions, as necessary;_____________________________________________________
_________________________________________________________________________________________
(l) Estimated monetary damage;_________________________________________________________________
_________________________________________________________________________________________
(m) Additional information, as appropriate;_________________________________________________________
_________________________________________________________________________________________