Writing the Security Breach Report Form document
Incident Report: Security
Date Reported: Current Date.
Employee: First Last
Department: Department
Supervisor: Supervisor
Date / Time of Injury: Insert Incident Date and Time.
Point of Contact (POC) Information
Name:
Phone:
Job title of signator, authorized signature or signer.
Point of Contact must complete the following form and file it with the Security Department as well as the Human Resources Department.
The following is a high-level description of the incident for summary purposes only. Distribution of this report is limited to the following departments on a NEED-TO-KNOW basis only. If you have any questions related to this summary, please contact at method for more information.
Description of Incident / Intrusion
Describe the injury as well as the events or what happened to cause this incident.
Attach additional pages if necessary.
Witnesses
Did anyone witness the incident or evidence of the incident after it occurred?
Yes ☐ No ☐
Name(s) of Witnesses:
Type of Intrusion (Please check all that apply)
Intrusion ☐ Data Breach ☐ Theft ☐ Malware/Trojan/Virus ☐ Compromised System ☐ Physical Intrusion ☐ Other ☐
Intrusion Location and Information: (Name, Address, Phone if applicable)
Notes:
Effect of Intrusion (Please check all that apply)
Loss of Data ☐ Unauthorized Access of Data ☐ Theft ☐ Degradation of Service(s) ☐ Interruption of Service ☐
Physical Damage to System(s) ☐ Unauthorized Escalation of Privileges ☐ Physical Intrusion ☐ Other ☐
Insert the systems this intrusion affected.
Describe how, where, and by whom this intrusion was first detected.
Communication / Notification
Describe the notifications and communication that were carried out at every step. Also describe any initial notification, follow-up, resolutions and communication(s) that still need to be made at this stage.
Evidence and Documentation
Describe the evidence and documentation, logging, files, etc., that have been gathered at each step, and indicate by whom they were gathered. Attach additional sheets if necessary.
Describe the work flow of the incident response, including personnel involved at each stage and all actions taken. Attach additional sheets if necessary.
Corrective Action(s) Taken and Incident Resolution
Describe the corrective actions taken, including names of parties responsible for those actions, to address each system impacted by the intrusion.
Attach additional sheets if necessary.
Conclusion and Findings
Insert conclusions reached at this stage. Attach additional sheets if necessary.
Conclusions may include:
The root or proximate cause of this incident.
Precautions that could have prevented this.
The direct and indirect impact on the Company and its systems, customers, users, employees, etc.
The estimated cost to investigate, respond to, and correct the intrusion.
The steps that have been taken to prevent the incident from happening again and to limit further interruption.
The additional actions, research or communication that need to happen.