Skip to content
BOL Conferences
Thread Options
#156257 - 02/03/04 07:31 PM Information Security Breach Form
GPrejean Offline
Member
GPrejean
Joined: Sep 2002
Posts: 86
Lake Charles, LA
Does anyone have a form that records the information on a possible Information Security Breach? Our IT exam cited us for not having an official form to record the information. I know what to ask just don't have the document.
Thanks

Return to Top
Security - PUBLIC
#156258 - 02/03/04 09:12 PM Re: Information Security Breach Form
Anonymous
Unregistered

Are you talking about the SAR Part III section where you'd characterize the activity as #35f, Computer Intrusion ? That's the only form I know of.

Do you have a written, board-adopted incident response plan that defines an "incident" and basically gives you an action plan of what-to-do's when an incident occurs? Is it possible you're misinterpreting the examiners' suggestions and instead you're thinking you need some type of form? Part of your incident response plan and process would be defining what your actual event was, such as determining that there was, in fact, a "breach", as you referenced. There's something missing here in your translation of what they suggested you do.

Return to Top
#156259 - 02/03/04 10:04 PM Re: Information Security Breach Form
GPrejean Offline
Member
GPrejean
Joined: Sep 2002
Posts: 86
Lake Charles, LA
They requested "Establis formal Incident Response Procedures related to any attempted outside intrusions to any systems. I know how to investigate an intrusion, to me they want a policy in place (paper) with a form that lists who, what, when, where, why and how much.

Return to Top
#156260 - 02/03/04 10:26 PM Re: Information Security Breach Form
Anonymous
Unregistered

I think we can come up with something useful. Let's brainstorm a bit on this thread. . .

Information Security Breach Report
Date of information security breach:
Date of discovery of information security breach:
Type of breach: [the thought here would be that this would be a very brief thing -- such as misaddressed email, hacking incident, stolen laptop, worm infection, password sharing infraction, etc.]
Description:

Action Taken: [Note by whom and when]
Notification Chain: [This would be a checklist area on the form that will have blocks of names/entities to be checked.]
Followup: [Note here when follow-up is necessary and when it's scheduled.
SAR filed: ___ Yes ____ No ___ Doesn't meet guidelines for filing a SAR

What else can we think of to add or do differently?

Return to Top
#156261 - 02/03/04 10:53 PM Re: Information Security Breach Form
KK Offline
100 Club
KK
Joined: Jan 2002
Posts: 249
Southern California
California Law requires disclosure to any resident of California whose unencrypted personal information was or is reasonably believed to have been acquired by an unauthorized person.
So I would add Personal Information acquired?

Return to Top
#156262 - 02/04/04 02:05 AM Re: Information Security Breach Form
Retread Offline
Power Poster
Retread
Joined: Oct 2003
Posts: 2,548
Southeast
How about something like this? Maybe that is what they are referring to.
Incident Reporting Form

Even if it isn't what they are referring to, it will be useful to have around.
_________________________
Politicians are like diapers. They need to be changed often and for the same reason.

Return to Top
#156263 - 02/04/04 02:41 AM Re: Information Security Breach Form
Anonymous
Unregistered


Return to Top
#156264 - 02/04/04 03:07 AM Re: Information Security Breach Form
Anonymous
Unregistered

That is a wonderful form from Secret Service. Keep in mind that there are information security breaches that are not computer-related, so you will also need to have a form that encompasses those.

Return to Top
#156265 - 02/04/04 04:24 PM Re: Information Security Breach Form
GPrejean Offline
Member
GPrejean
Joined: Sep 2002
Posts: 86
Lake Charles, LA
Thanks everyone. I have a good place to start.

Return to Top
#156266 - 02/10/04 04:57 PM Re: Information Security Breach Form
McGruff Offline
Gold Star
McGruff
Joined: Feb 2004
Posts: 262
Texas
Can anyone help me with finding a template for procedures regarding identifying and dealing with IT breaches? The forms are great, but I need to build an overall step-by-step policy starting with identifying the breach, who needs to be notified, who needs which forms completed,paperwork to fill out, steps to remedy the breach, etc.
Thanks

Return to Top

Moderator:  Andy_Z