Information Security Event Reporting Form

This form should be completed in the event of an actual, suspected or potential Information Security Event.

This form should be completed in line with the Information Security Event Reporting Procedures.

Effective management of information security events is required to ensure we meet our obligations as set out in our security policies and maintain the security and integrity of the data we hold. It is also necessary to ensure that mitigating and remedial measures can be put in place properly.

This form can be completed by any staff member who becomes, or is, aware of an Information Security Event. Third party users of BoSH should immediately refer incidents to their link staff member. Section 1 of this form should be completed as soon as possible and submitted to ISM/ITM. A verbal report can be made if necessary, depending on the urgency, with the completed form being sent within 48 hours of the verbal report being made.

PLEASE DO NOT CONTINUE TO WORK ON THE AFFECTED COMPUTER UNTIL CLEARANCE HAS BEEN GIVEN BY IT.

1.1 – REPORTING PERSON DETAILS

1.2 – INCIDENT DETAILS

Guidance - Please provide as much detailed information as possible: What malfunctioned, what (sequence of) actions you were executing at the time, what messages came up on your screen, what precise things or strange behaviour occurred, what appeared to be the breach or other issue, what services, facilities or equipment ceased to be available, awareness of any human errors or non-compliance with organisational policies, procedures or work instructions, or breaches of physical security.
Please detail what was done immediately following the incident, e.g. did the user continue to work on their computer, access any drives before reporting, etc.

Type of Incident

Tick all that apply. Please note that this is not an exhaustive list of security events – other incidents may occur which are not listed here.

IMPORTANT!

Staff and other users are advised not to attempt to investigate the suspected security event or to prove suspected information security vulnerabilities. Testing vulnerabilities can be interpreted as a potential misuse of the system and can also cause damage to the information system or service, and it can corrupt or obscure digital evidence. Ultimately, it can result in legal liability for the individual performing the testing.