Texas AgriLife Research and Extension Security Incident Reporting System
Incident Date: (ex. 03-08-2007)
Subject:
Send E-Mail Carbon Copy to this address:

Please indicate what type of event was experienced. Please use the additional profile comments section below to describe the event and to include a phone number where you can be contacted if required.

    Malicious Code*
    Unauthorized Access
    Physical Intrusion
    Physical Theft
    Unauthorized Use
    Website Compromises
    Disruption or Denial of Service
    Misuse
    Hoaxes
    Others (please describe)

* For Virus Incident Reporting, please also fill out the Virus Reporting section at the bottom of the page.

Incident Profile

    Detected with IDS and/or log reviews
    Detected by unusual usage pattern
    Caused by an Internal Source (within Extension/Experiment Station)
    Caused by an External Source (outside Extension/Experiment Station)

Additional profile comments
Please include any additional description of the incident that you would like submitted to DIR.

Type of System Affected

    Critical production applications and/or data
    Critical administrative/support application and/or data
    Research application and/or data
    Academic application and/or data
    Web server - External (world)
    Web server - Internal (within Extension/Experiment Station)
    FTP server
    E-Mail server
    Print server
    Others

System Comment - other systems or general comments

Response Activities and General Information

These are dependent on the types of incidents encountered. Example: Most incidents will not require activation of a disaster recovery plan.

Was an Incident Response plan activated? Yes / No
Was a disaster recovery plan activated due to a security incident? Yes / No
In hours, what was the duration of the event (from detection until restoration)?
Was any data lost? (unrecoverable) Yes / No
Did the event result in damage to Extension/Experiment Station owned hardware, software or data? Yes / No
Were the damaged assets recovered or restored? Yes / No
Was assistance from outside Extension/Experiment Station needed to address the incident? Yes / No
Did the incident result in a change to a security process/practice or policy? Yes / No

Please indicate what changes (if any) were implemented:

    Fixes or patches applied
    Installation of Security Software
    Additional policies or procedures developed
    Other

Did proliferation result in other systems being impacted? Example: Were Extension/Experiment Station computer(s) used to launch attacks on other external systems? Yes / No

What systems were impacted by proliferation?

    Extension/Experiment Station Internal
    Extension/Experiment Station External
    Both

Was the University community aware of this incident? Yes / No
Was the incident reported to law enforcement authorities? Yes / No

Keep in mind that anything related in any way to an incident or possible incident is potentially a piece of evidence; this applies to how notes taken, audit logs and backups, copies of malicious code, etc. are handled.

Comments on Response Activities and General Information

Virus Reporting section

Name of Virus
Number of systems infected
Source of infection? Internal / External / No Infection
Number of workstation hard disks infected
Number of floppy disks infected
Number of servers infected
Method of clean-up used?

Texas AgriLife Extension
AgriLife Information Technology
TAES Annex Building
College Station, TX 77843-2468