《security incident reporting form - texas department of 安全事件报告表-德克萨斯部》由会员分享,可在线阅读,更多相关《security incident reporting form - texas department of 安全事件报告表-德克萨斯部(5页珍藏版)》请在金锄头文库上搜索。
1、Security Incident Reporting FormInstructions: To enhance mutual support, Texas Administrative Code Chapter 202.26 and 202.76, Security Incidents requires each state agency and institution of higher education (agency/IHE) to report all security incidents in a timely and secure manner to the Texas Dep
2、artment of Information Resources (DIR). Each agency/IHE is responsible for assessing the significance of a security incident within their organization and for submitting this report to DIR based on the business impact on affected resources and the current and potential technical effect of the incide
3、nt (e.g., loss of revenue, productivity, access to services, reputation, unauthorized disclosure of confidential information, or propagation to other networks). Please use the following form to document relevant security incident information.Depending on the criticality of the incident, gathering al
4、l information prior to reporting to DIR may not always be feasible. In such cases, incident response teams should make an initial report and then continue to report information to the DIR as it is collected.All security incident reports provided to DIR in response to TAC 202 requirements will be cla
5、ssified and handled as Confidential per Chapter 2059.055 Texas Government Code (TGC) andChapter 552.139 Texas Business and Commerce Code (TB&CC).If criminal action is suspected, (e.g., violations of Chapter 33, Penal Code, Computer Crimes, or Chapter 33A, Penal Code, Telecommunications Crimes), the
6、agency/IHE is also responsible for contacting the appropriate law enforcement and investigative authorities. 1. Contact InformationFull name:Job title:Agency/IHE:Division or office:Work phone:Mobile phone:E-mail address:Fax number:Additional contact information:2. Type of Incident (Check all that ap
7、ply)c Account compromise (e.g., lost password)c Denial-of-Service (including distributed)c Malicious code (e.g., virus, worm, Trojan)c Misuse of systems (e.g., acceptable use)c Reconnaissance (e.g., scanning, probing)c Social engineering (e.g., phishing, scams)c Technical vulnerability (e.g., 0-day
8、attacks)c Theft/loss of equipment or mediac Unauthorized access (e.g., systems, devices)c Unknown/Other (Please describe below)Description of incident:3. Scope of Incident (Check one)c Critical (e.g., affects public safety or state-wide information resources)c High (e.g., affects agency/IHEs entire
9、network or critical business or mission systems)NOTE: All incidents deemed critical or high require additional notification by phone.c Medium (e.g., affects agency/IHEs network infrastructure, servers, or admin accounts)c Low (e.g., affects agency/IHEs workstations or user accounts only)c Unknown/Ot
10、her (Please describe below)Estimated quantity of systems affected:Estimated quantity of users affected:Third parties involved or affected:(e.g., vendors, contractors, partners)Additional scope information:4. Impact of Incident (Check all that apply)c Loss of access to servicesc Loss of productivityc
11、 Loss of reputationc Loss of revenuec Propagation to other networksc Unauthorized disclosure of data/information c Unauthorized modification of data/informationc Unknown/Other (Please describe below)Estimated total cost incurred:(e.g., cost to contain incident, restore systems, notify data owners)Ad
12、ditional impact information:5. Sensitivity of Affected Data/Information (Check all that apply)c Confidential/sensitive data/infoc Non-sensitive data/infoc Publicly available data/infoc Financial data/infoc Personally identifiable information (PII)c Intellectual property/copyrighted data/infoc Critic
13、al infrastructure/key resourcesc Unknown/other (Please describe below)Data encrypted? Yes _ No _Quantity of data/information affected:(e.g., file sizes, number of records)Additional affected data information:6. Systems Affected by Incident (Provide as much detail as possible)Attack sources (e.g., IP
14、 address, port):Attack destinations (e.g., IP address, port):IP addresses of affected systems:Domain names of affected systems:Primary functions of affected systems:(e.g., web server, domain controller)Operating systems of affected systems:(e.g., version, service pack, configuration)Patch level of a
15、ffected systems:(e.g., latest patches loaded, hotfixes)Security software loaded on affected systems:(e.g., anti-virus, anti-spyware, firewall, versions, date of latest definitions)Physical location of affected systems:(e.g., state, city, building, room, desk)Additional system details:7. Users Affected by Incident (Provide as much detail as possible)Names and job titles of affected users:System access levels or rights of affected users:(e.g., regular user, domain administrator, root)Additional user details:8. Ti
