Any employee who has evidence of an Information Technology security incident occurring or suspects such an incident may have occurred should notify the Information Technology Help Desk. The Help Desk contact should open an IT Incident Report Template and submit it to the Information Technology Manager to begin the investigation.
The Information Technology Manager should evaluate the information contained on ITSD108-1 IT INCIDENT REPORT, determine the potential for loss and the risk to the company, and assign the incident to the Incident Response Handling Team. The Incident Response Handling Team should survey the incident scene, determine what information will be needed to evaluate the incident (logs, audit trails, etc.), and preserve and document evidence.
The Information Technology Manager should review all Incident Reports to ensure incidents are handled in a timely manner, users are satisfied with the results, and that the company assets are protected from harm. Lessons learned, recommendations, and deficiencies should be presented to the Security Review Committee for discussion.