Initial commit
This commit is contained in:
Paul Jenkins
62
04-registers/incident-register-template.md
Normal file
62
04-registers/incident-register-template.md
Normal file
@@ -0,0 +1,62 @@
|
||||
Title: Incident Register Template
|
||||
Document ID: [REG-INCIDENT-001]
|
||||
Version: 0.1 Draft
|
||||
Status: Draft
|
||||
Owner: CISO (Paul Jenkins)
|
||||
Approver: CISO (Paul Jenkins)
|
||||
Classification: Internal
|
||||
Effective date: [DD Month YYYY]
|
||||
Review date: [DD Month YYYY]
|
||||
|
||||
# Incident Register Template
|
||||
|
||||
## Purpose
|
||||
|
||||
This template provides the structure for recording security incidents and tracking their status and outcomes.
|
||||
|
||||
## Scope
|
||||
|
||||
This register applies to suspected and confirmed information security incidents affecting in-scope people, information, systems, services, suppliers, or customers.
|
||||
|
||||
## Data Fields / Expected Columns
|
||||
|
||||
The register should record at least:
|
||||
|
||||
- incident ID
|
||||
- date reported
|
||||
- reported by
|
||||
- incident title
|
||||
- affected asset or service
|
||||
- severity
|
||||
- status
|
||||
- summary
|
||||
- containment status
|
||||
- notification required
|
||||
- owner
|
||||
- closure date
|
||||
- lessons learned or linked actions
|
||||
|
||||
## Ownership
|
||||
|
||||
This register should be owned by [Role]. Incident coordinators or handlers should maintain the status and outcome of each entry.
|
||||
|
||||
## Update Frequency
|
||||
|
||||
The register should be updated when incidents are opened, reclassified, escalated, contained, communicated, or closed.
|
||||
|
||||
## Retention
|
||||
|
||||
Incident records should be retained in line with legal, contractual, audit, and operational requirements.
|
||||
|
||||
## Template Table
|
||||
|
||||
| Incident ID | Date Reported | Reported By | Incident Title | Affected Asset / Service | Severity | Status | Summary | Containment Status | Notification Required | Owner | Closure Date | Lessons Learned / Linked Actions |
|
||||
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
|
||||
| [INC-001] | [DD Month YYYY] | [Name / Role / System] | [Short title] | [Asset / service] | [Low/Medium/High/Critical] | [Open / Investigating / Contained / Closed] | [Summary] | [In Progress / Complete] | [Yes / No / Under Assessment] | [Role] | [DD Month YYYY] | [Summary / corrective action ref] |
|
||||
|
||||
## Related Documents
|
||||
|
||||
- Incident Response Policy
|
||||
- Security Incident Handling Procedure
|
||||
- Breach Notification Procedure
|
||||
- Corrective Actions Register Template
|
||||
Reference in New Issue
Block a user