Incident Tracking Form

GENERAL INFORMATION
Complete the following fields to document general information about the incident.

Incident Name
Occurrence Date & Time
Reported Date & Time
Status: - Select One -
Summary

Reported By
Email Address
Phone Number

HANDLERS
Document the names and contact information of the individuals responsible for managing the incident.

Lead Incident Handler
Technical Specialist
Legal Advisor
Public Relations Coordinator
Audit & Compliance Specialist
Other Handlers

Visit Tandem.App for more incident management resources.


Tandem, LLC Copyright © 2021
CATEGORIES
Mark the checkboxes next to the applicable categories for the incident.

[ ] Account Takeover
    A malicious actor gaining access to a legitimate user's account credentials. Subcategories could include
    customer, corporate, employee account takeover, etc.

[ ] Criminal Activity
    Illegal conduct by an individual, organization, or other group of malicious actors. Subcategories could
    include fraud, sabotage, vandalism, etc.

[ ] Data Breach
    Data accessed, modified, and/or exfiltrated by an unauthorized entity. Subcategories could include breaches
    of customer data, privacy data (e.g., PII or PHI), the organization's proprietary data, etc.

[ ] Denial-of-Service
    Malicious activity preventing authorized access to resources.

[ ] Human Error
    An accidental, improper, or otherwise ill-chosen act by an individual (e.g., employee, third party, etc.)
    which results in processing delays, equipment damage, or compromised data.

[ ] Lost / Stolen Asset
    Lost or stolen systems, equipment, and/or applications (e.g., desktops, laptops, mobile devices, removable
    media, etc.).

[ ] Malicious Code
    Unauthorized software applications designed to access a system, including a variety of forms of hostile,
    intrusive, or annoying code. Subcategories could include botnets, keyloggers, ransomware, rootkits, trojans,
    viruses, worms, etc.

[ ] Natural Event
    Uncontrollable events caused by nature (e.g., tornado, hurricane, earthquake, lightning, flood, etc.).

[ ] Policy Violation
    Failure to comply with applicable laws, regulations, policies, etc. which could result in negative legal or
    compliance action.

[ ] Social Engineering
    An attack that exploits human nature and behavior to convince the target to perform an unauthorized
    operation or reveal proprietary information. Subcategories could include impersonation, phishing, smishing,
    vishing, etc.

[ ] System Failure
    The failure of or vulnerability in a system which can cause delays in processing, monetary loss, or loss of
    data. Subcategories could include application failure, network failure, power failure, etc.

[ ] Third Party
    An incident originating from or through a third party, causing direct or indirect damage to the
    organization. Subcategories could include third-party data breaches, service unavailability, etc.

[ ] Unauthorized Use
    The unapproved use of systems or data.

[ ] Other

SEVERITY
Use the matrix below to help determine the incident’s severity level.

Severity Level: - Select One -

EVIDENCE
List of Evidence
Document a list of evidence gathered during the investigation, as well as chains of custody, when applicable.
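The evidence list above asks for a chain of custody alongside each item. The following is an added example and not part of the Tandem form: it models one evidence row as data, fingerprints the artifact with SHA-256 at collection time, keeps an append-only custody log, and re-checks the hash when the item changes hands so a later transfer can show it is unchanged. The handler roles are taken from the form's Handlers section; the item identifiers, log line, host name, and IP address are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import List, Optional


@dataclass
class CustodyEntry:
    """One hand-off of an evidence item between handlers."""
    timestamp: str       # ISO 8601 in UTC
    from_handler: str
    to_handler: str
    purpose: str


@dataclass
class EvidenceItem:
    """One row of the form's 'List of Evidence' plus its custody log."""
    item_id: str
    description: str
    collected_by: str
    collected_at: str
    sha256: str          # fingerprint taken once, at collection time
    custody: List[CustodyEntry] = field(default_factory=list)

    def current_holder(self) -> str:
        return self.custody[-1].to_handler if self.custody else self.collected_by

    def transfer(self, to_handler: str, purpose: str,
                 when: Optional[datetime] = None) -> CustodyEntry:
        """Append a custody entry. The log is append-only; entries are never edited."""
        when = when or datetime.now(timezone.utc)
        entry = CustodyEntry(when.isoformat(), self.current_holder(), to_handler, purpose)
        self.custody.append(entry)
        return entry


def fingerprint(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def collect(item_id: str, description: str, collected_by: str, data: bytes,
            when: Optional[datetime] = None) -> EvidenceItem:
    """Register an artifact: hash it at collection and record who collected it."""
    when = when or datetime.now(timezone.utc)
    return EvidenceItem(item_id, description, collected_by, when.isoformat(), fingerprint(data))


def verify(item: EvidenceItem, data: bytes) -> bool:
    """True if the artifact presented now matches the hash recorded at collection."""
    return fingerprint(data) == item.sha256


def custody_report(item: EvidenceItem) -> List[str]:
    """Render the chain of custody as lines suitable for the evidence section."""
    lines = [f"{item.item_id}: {item.description} (sha256 {item.sha256[:16]}...)",
             f"  collected {item.collected_at} by {item.collected_by}"]
    for e in item.custody:
        lines.append(f"  {e.timestamp}: {e.from_handler} -> {e.to_handler} ({e.purpose})")
    return lines


# Constructed sample artifact: a log extract, not taken from any real system.
SAMPLE_LOG = (b"2021-05-03T14:02:11Z web-01 sshd[4112]: Failed password for "
              b"invalid user admin from 203.0.113.7 port 51122 ssh2\n")


def demo() -> EvidenceItem:
    """Collect the sample artifact and hand it along two handler roles from the form."""
    item = collect("EV-001", "sshd auth log extract from web-01",
                   "Technical Specialist", SAMPLE_LOG)
    item.transfer("Legal Advisor", "review ahead of regulator notification")
    item.transfer("Audit & Compliance Specialist", "retention in case file")
    return item


if __name__ == "__main__":
    ev = demo()
    print("\n".join(custody_report(ev)))
    print("intact:", verify(ev, SAMPLE_LOG))
    print("intact after edit:", verify(ev, SAMPLE_LOG.replace(b"admin", b"root")))
```

The hash is computed once and never updated, so a mismatch at any later hand-off points at the interval in which the artifact changed, which is the question a chain of custody exists to answer.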

DETECTION
How was the incident detected?

ANALYSIS

Scope
Describe the areas, networks, systems, applications, etc. which are affected by the incident. Document specific
details, such as model numbers, serial numbers, host names, IP addresses, etc.

Origins
Describe who or what originated the incident, such as names and IP addresses of systems conducting the attack, or
publicly available information about the attacker(s).

Occurrence Patterns
Describe how the incident occurred or is currently occurring, such as what tools or attack methods are being used,
what vulnerabilities are being exploited, and incident characteristics.

Recurrence Details
If this is a recurrence, provide details about the incident's previous occurrence(s), including a summary of root
causes or failed controls which caused the incident to recur.

CONTAINMENT

Could the containment strategy interfere with evidence preservation?   Yes / No

Could the containment strategy interfere with service availability?   Yes / No

What is the level of containment?   N/A / Partial / Full

What is the solution duration?   N/A / Short-Term / Long-Term / Permanent

Necessary Time and Resources
Document the projected time and resources necessary to contain the incident.

Potential Damage Assessment
Assess the potential damage to the organization if the incident were not contained.

ERADICATION
Eradication Actions Performed
Examples of eradication strategies include malware removal, disabling compromised accounts, reimaging compromised systems, and
patching exploited vulnerabilities.

RECOVERY
Recovery Actions Performed
Examples of recovery strategies include restoring data from a backup, rebuilding servers, replacing hardware, and reprovisioning
accounts.

POSTMORTEM
Meeting Date Damage Estimate

Meeting Attendees

Could any measures have prevented the incident?

Meeting Notes
Document notes from the postmortem meeting, including lessons learned, details of what occurred with the incident, steps which were
taken to intervene, outcomes of the handling process, and next steps to be taken.

COMMUNICATION
Mark the checkboxes to identify the parties who received updates or information about the incident. Please
note, not all parties may need notification about every incident, but they should be notified of applicable
incidents.

Organization Personnel
[ ] Board of Directors
[ ] BSA/AML
[ ] Business Continuity
[ ] Compliance
[ ] Fraud Prevention
[ ] IT Operations
[ ] Legal
[ ] Senior Management
[ ] Vendor Management
[ ] Customers
[ ] Other (describe below)

Third Parties
[ ] Financial Crimes Enforcement Network (FinCEN)
[ ] Information Sharing Agencies
[ ] Insurance Agencies
[ ] Internet Service Providers
[ ] Law Enforcement
[ ] National Automated Clearing House Association (NACHA)
[ ] Nationwide Consumer Reporting Agencies
[ ] Payment Providers
[ ] Primary Federal Regulator
[ ] Receiving Institutions
[ ] Vendors
