OFFICIAL #

Information security incident reporting spreadsheet

Reporting Quarter / Year: Choose
Department: e.g. Department of Housing and Public Works
Business Unit: e.g. Queensland Government Chief Information Office (If applicable)
Agency Contact:
email:
Phone:
Date:

Instructions

The following process should be used when completing this spreadsheet:

1. Complete this 'Cover' sheet with the required details.

2. Click on the 'Detailed reporting' tab and fill out ALL 'Mandatory' fields.

3. Indicators of Compromise (IOCs) is a 'Mandatory' field; however, there may be more IOCs than can fit in the cell. In this instance, click the 'IOC' tab, reference the relevant 'Incident number', assign the 'Type' of IOC and finally enter the actual IOC data.

4. Once the 'Cover', 'Detailed reporting' and 'IOC' sheets have been completed, please ensure the spreadsheet is emailed to the Queensland Government Information Security Virtual Response Team:

- Email: QGISVRT@qld.gov.au
- Subject: <Department Name> - Q<number> - <year> - Quarterly Information Security Incident Report

Further information

Refer to the Queensland Government Information security incident reporting guideline



INFORMATION SECURITY INCIDENT - DETAILED REPORTING

Mandatory Reporting Fields

Columns, with the guidance or example value shown in row 1:

Number: 1

Business Impact Level: BIL-Low

Date and Time Discovered: e.g. 03/09/2018, 13:01

Contact Information: Recommended details include:
- The name of your Department
- The name of the staff member reporting the incident
- Phone number(s)
- Email address(es)

Incident Type: Choose

Incident Summary: High-level summary of what happened

Incident Scope: Is the incident limited to:
- one system / application
- multiple systems / applications
- just your department
- multiple departments

Impact to Department: How is the Department affected?

Indicators of Compromise: Included in IOC worksheet

Mitigating factors applied: Describe what controls were implemented to contain / mitigate the incident

Brief description of response actions performed: Describe what response actions were performed once notified of the incident

Is the incident inside the trusted network?: Choose

Has evidence been preserved?: Choose

Incident Closure - Have steps been taken to prevent the incident from happening again?: Choose

Rows 2 to 50 are blank, with 'Choose' in each drop-down column.

NON-MANDATORY

Columns (group headings on the sheet: Asset, BIL Context, Impact Context):
- Has the policy been reviewed to prevent reoccurrence?
- Estimated cost of the incident (incl. containment / prevention)
- Date closed
- Physical locations of the incident?
- Service outsourced?
- Operating system/version affected (if applicable)
- Confidentiality Rating (row 1: Confidentiality - Medium)
- Integrity Rating (row 1: Integrity - Medium)
- Availability Rating (row 1: Availability - Low)
- Cause
- Origin
- Affect

Technical Details:
- Operating system patch level
- Antivirus software installed/enabled
- Patch level for antivirus

External reporting:
- Authorities?
- Virtual Response Team?
- Other?

Other:
- Additional comments

All drop-down columns default to 'Choose'; rows 2 to 50 are blank.

INFORMATION SECURITY INCIDENT - INDICATORS OF COMPROMISE

Incident Reference Number: enter number from 'detailed reporting' page
Type: Choose
Data: enter IOC data here

BUSINESS IMPACT LEVEL

Choose

BIL-Low

BIL-Medium

BIL-High

INCIDENT CLASSIFICATION

Choose

Theft/loss of assets

Account Compromise

Phishing

Unauthorised access to information/systems

Unauthorised release of or disclosure of information

Malware infections

Ransomware infections

Intrusions against networks

Abuse of privileges

Unauthorised changes to information, applications, systems or hardware

Violation of information security policy

Suspicious system behaviour or failure (hardware/software) or communications)

Password confidentiality

Sabotage/physical damage

Other events

IMPACT

Choose

Confidentiality

Integrity

Availability

CAUSE

Choose

Deliberate

Accidental

Error

ORIGIN

Choose

Internal

External

AFFECT

Choose

Data

Infrastructure

People

Service

SEVERITY

Choose

None/Negligible

Minor

Moderate

High

Very High

SERVICE OUTSOURCED

Choose

Yes

No

OPERATING SYSTEM PATCH LEVEL

Choose

Not Applicable

Up-to-date

Not up-to-date

ANTIVIRUS SOFTWARE INSTALLED/ENABLED

Choose

Not Applicable

Yes

No

PATCH LEVEL FOR ANTIVIRUS

Choose

Not Applicable

Up-to-date

Not up-to-date

IS THE INCIDENT INSIDE TRUSTED NETWORK

Choose

Yes

No

FOLLOWUP

Choose

Yes

No

AUTHORITIES

Choose

Public Service Commission

Crime and Misconduct Commission

Queensland Police

IOC Type
Choose
IP address (V4)
URI
URL
Email address
Email subject line
Host name
Domain name
MD5 Hash
SHA1 hash
SHA256 hash
SHA384 hash
SHA512 hash
Address
Asynchronous Transfer Mode address
Autonomous System Number
CIDR rule
CVE number
File
File path
IMPHASH
IP address (V6)
IPV4 Netmask
IPV4 Network
IPV6 Netmask
IPV6 Network
MAC address
MUTEX name
Observable Composition
Organization name
PEHASH
Phone number
Registry key
Serial Number
Top-level domain name
Unknown
Windows Executable File

BIL Types
Choose
Confidentiality - Low
Confidentiality - Medium
Confidentiality - High
Choose
Integrity - Low
Integrity - Medium
Integrity - High
Choose
Availability - Low
Availability - Medium
Availability - High

Quarter Selector
Choose
Quarter 4 - 2018
Quarter 1 - 2019
Quarter 2 - 2019
Quarter 3 - 2019
Quarter 4 - 2019
Quarter 1 - 2020
Quarter 2 - 2020
Quarter 3 - 2020
Quarter 4 - 2020
Quarter 1 - 2021
Quarter 2 - 2021
Quarter 3 - 2021
Quarter 4 - 2021

IOC - Mandatory
Choose
Already supplied to QGISVRT
Included in IOC worksheet
No relevant IOC's to report