Incident Date: (ex. 01-06-2010)

Subject:

Send E-Mail Carbon Copy to this address:

Please indicate what type of event was experienced
Please use the additional profile comments section below to describe the event and to include a phone number where you can be contacted if required

Malicious Code*
Unauthorized Access
Physical Intrusion
Physical Theft
Unauthorized Use
Website Compromises
Disruption or Denial of Service
Misuse
Hoaxes
Others (please describe)

* For Virus Incident Reporting, Please also fill out the Virus reporting section at the bottom of the page

Incident Profile

Detected with IDS and/or log reviews
Detected by unusual usage pattern
 Caused by an Internal Source (within Extension/Experiment Station)
Caused by an External Source (outside Extension/Experiment Station)

Additional profile comments
Please include any additional description of the incident that you would like submitted to DIR

Type of System Affected

Critical production applications and/or data
Critical administrative/support application and/or data
Research application and/or data
Academic application and/or data
Web server - External (world)
Web server - Internal (within Extension/Experiment Station)
FTP server
E-Mail server
Print server
Others

System Comment - other systems or general comments

Response Activities and General Information
These are dependent on the types of incidents encountered.
Example: Most incidents will not require activation of a disaster recovery plan.

Was an Incident Response
plan activated?"		 Was a disaster recovery plan activated
due to a security incident?
Yes No Yes No

In hours, what was the duration of the event (from detection until restoration)?

Was any data lost? (unrecoverable)

Yes No

Did the event result in damage to Extension/Experiment Station owned hardware, software or data?

Yes No

Were the damaged assets recovered or restored?

Yes No

Was assistance from outside Extension/Experiment Station needed to address the incident?

Yes No

Did the incident result in the change to a security process/practice or policy?

Yes No

Please indicate what changes (if any) were implemented?

Fixes or patches applied
Installation of Security Software
Additional policies or procedures developed
Other

Did proliferation result in other systems being impacted?
Example: Were Extension/Experiment Station computer(s) used to launch attacks on other external systems?

Yes No

What systems were impacted by proliferation?

Extension/Experiment Station Internal
Extension/Experiment Station External
Both

Was the University community aware of this incident?

Yes No

Was the incident reported to law enforcement authorities?

Yes No
Keep in mind that anything related in any way to an incident or possible incident is potentially a piece of evidence, i.e., how the notes taken, audit logs and backups, copies of malicious code, etc. are handled.


Comments on Response Activities and General Information

Virus Reporting section


Name of Virus


Number of systems infected

Source of infection?

Internal External No Infection

Number of workstation hard disks infected


Number of floppy disks infected
Number of servers infected


Method of clean-up used?

Texas AgriLife Extension
AgriLife Information Technology
TAES Annex Building
College Station, TX 77843-2468