Copyright Goodheart-Willcox Co., Inc.
Chapter 24 Customer Support, Communication, and Professionalism

A routine incident typically does not require much detailed information. For example, when malware attacks a computer or network system, a simple remedy may be provided by one of the many antivirus vendors. The malware is removed and normal operation is restored.

In contrast, an incident involving theft or breach of security causing the loss of sensitive data may require much more detailed information than a routine incident. You should provide as much detail as possible in the documentation. Normally, additional pages may be required to record all pertinent facts concerning the incident.

If the incident results in legal action by law enforcement, you may need to recall important facts about the incident later. It is not unusual for a technician to be called in for a legal deposition or to testify at a date one to two years after the incident has occurred. Memories fade, and the only way to be accurate and detailed about the incident is to record as much detail as possible

Computer Security Event Form

Person who reported incident:
Name __________________ Title ______________________
Department _____________ Phone __________________ E-mail ____________________

Location of incident:
Building ___________________ Room _____________________

Time incident was reported:
Date ____________________ Time ___________________

Virus/Malware
Social Engineering
User Account Compromised
Hoax
System Misuse
Network Intrusion
Theft/Loss
Physical Security Violation
Other

Virus/Malware: Describe virus/malware in general terms and the impact on the system.

Technical or Physical Vulnerability: Describe the nature and effect of the incident in general terms.

Equipment lost or stolen: Provide details of data or equipment lost or stolen.

Host/Network Information
IP Address
Host Name
MAC Address

Suspected Source of Intrusion or Unauthorized Activity
Source IP Address
Resolved IP Host Name
Application used to verify

Goodheart-Willcox Publisher
Figure 24-11. A security event form can be used for reporting prohibited content or activity.