Example Incidents

Employee received phishing email

Incident Name

The name given to the individual incident.

Employee received phishing email

Incident Description

The description section offers a detailed and complete summary of the incident, providing the reader with a clear understanding of what it entails.

One of our employees received a phishing email.

Rating

For this example we'll suppose that the employee in question did not click any links in the phishing email and reported it straight away, so we'll assign a rating of Low.

Low

Asset Affected

The specific asset(s) affected by this incident.

Since this didn't affect any assets we'll leave this blank.

Date Reported

The specific date on which the incident was reported.

20/05/2023

Status

In the context of an Information Security Management System (ISMS), the status of an incident can be described as either open or closed.

  • Open - An open incident is an incident that has been identified, assessed, and acknowledged, but has not been mitigated or treated. It remains a potential threat to the organisation and requires further action to reduce its likelihood or impact.

  • Closed - A closed incident, on the other hand, is an incident that has been adequately mitigated or treated. The organisation has taken appropriate measures to address the incident, and it no longer poses a significant threat to the information assets.

Closed

Date Closed

The specific date on which the incident was mitigated.

21/05/2023

Category

When reporting an incident in an Information Security Management System (ISMS), the incident can be assigned to one of several categories, including:

  • Breach: Unauthorised access to sensitive data or systems.

  • Denial of Service: Overwhelming a system or network with traffic or requests to make it unavailable.

  • Physical damage: Physical destruction or damage to IT infrastructure or devices.

  • Theft: Stealing or unauthorised access to physical or digital assets.

  • Vulnerability: Weaknesses or flaws in a system or application that can be exploited by attackers.

  • Misconfiguration: Errors or oversights in system settings or configurations.

  • Exploitation: Taking advantage of a vulnerability or weakness in a system or application.

  • Unauthorised Access Attacks: Gaining access to a system or application without proper authorisation.

  • Privilege Escalation Attacks: Exploiting a vulnerability to gain higher levels of access than authorised.

  • Insider Threat Attacks: Malicious actions taken by an authorised individual within an organisation.

  • Phishing Attacks: Deceptive techniques to trick individuals into revealing sensitive information or performing actions.

  • Man-in-the-Middle (MitM) Attacks: Intercepting communication between two parties to steal or modify information.

  • Password Attacks: Attempting to crack or steal passwords to gain access to systems or applications.

Phishing Attacks

Identified By

The name of the individual who reported the incident.

Frodo Baggins

Last Reviewed

The date when the incident was last reviewed.

21/05/2023
