Information Security Incident Report Example

Incident Overview:

  • Incident ID: A unique identifier for the incident.
  • Date and Time of Incident: When the incident occurred.
  • Date and Time Reported: When the incident was reported.
  • Reporting Individual: Name and position of the person who reported the incident.

Incident Description:

  • Type of Incident: Category of the incident (e.g., data breach, phishing attack, malware infection).
  • Description of the Incident: A detailed narrative describing what happened, including how the incident was detected.

Affected Assets:

  • Systems Affected: Details on which systems, networks, or data were compromised or affected.
  • Data Classification: Types of data involved (e.g., confidential, public, sensitive).

Incident Detection:

  • Detection Method: How the incident was detected (e.g., by an intrusion detection system, during a routine audit, reported by an employee).
  • Initial Detector: Person or system that initially detected the incident.

Response and Containment:

  • Immediate Actions Taken: Steps taken immediately after the incident was discovered to contain it and prevent further damage.
  • Containment Strategy: Overview of strategies used to contain the incident.

Impact Assessment:

  • Operational Impact: Effect on the organization’s operations.
  • Data Impact: Extent of data loss, unauthorized access, or corruption.
  • Financial Impact: Estimated costs associated with the incident (e.g., lost revenue, fines, remediation costs).
  • Reputational Impact: Potential or actual impact on the organization’s reputation.

Investigation:

  • Investigation Team: Names and roles of the individuals involved in investigating the incident.
  • Key Findings: Major discoveries made during the investigation.
  • Root Cause: Identified root cause of the incident.

Recovery and Restoration:

  • Recovery Actions: Steps taken to restore systems and data to normal operation.
  • Timeline of Recovery: Detailed timeline from detection to recovery.

Lessons Learned and Future Prevention:

  • Lessons Learned: Key insights gained from handling the incident.
  • Preventative Measures Implemented: Security enhancements and changes made to prevent future incidents.
  • Recommendations for Future Prevention: Further actions suggested to strengthen security.

Documentation and Evidence:

  • Logs and Evidence: A list of logs, files, and other forms of evidence collected during the incident response and investigation.
  • Documentation of Communication: Record of all communications made during the management of the incident, including internal notifications and external communications if applicable.

Sign-Off:

  • Compiled By: Name of the person who compiled the report.
  • Reviewed By: Names of the stakeholders who reviewed the report.
  • Date of Report Completion: Date when the report was finalized.