Incident Reporting Form
Here is a good example of an online incident reporting form that you can use as part of your incident response process. It’s from the State of North Carolina Office of Information Technology Services.
Here are some of the areas covered on the form:
- Physical location(s) of victim’s computer system/network
- IP Address of attacked or compromised host/network
- Is the affected system/network critical to the organization’s mission?
- Which Critical Infrastructure sector was affected?
- Nature of Problem?
  - Intrusion
  - System impairment/denial resources
  - Unauthorized root access
  - Web site defacement
  - Compromise of system integrity
  - Hoax
  - Theft
  - Damage
  - Unknown
  - Other
- Has this problem been experienced before?
- Suspected method of intrusion/attack
  - Virus (provide name if known)
  - Vulnerability exploited (explain)
  - Denial of Service
  - Trojan horse
  - Distributed Denial of Service
  - Trapdoor
  - Unknown
  - Other
- Suspected perpetrator(s) or possible motivation(s) of the attack
- The apparent source (IP address) of the intrusion/attack
- Evidence of spoofing?
- What computer system (hardware and/or software) was affected?
- Did this incident involve a suspected or actual breach of confidential or personally identifiable information?
- Did the intrusion/attack result in damage to system(s) or data?
- What actions and/or technical mitigation have been taken?
- Incident Priority
Here’s an archived copy of the form: Incident Reporting Form