Possible Incident Ticket Form
Category: Incident Response · Version: 1.0 · Team: Policies & Procedures · Owner: rojomoon
Updated 2025-12-01 20:04
Incident Response Form
1. Basic Incident Information
- Incident Title:
- Date/Time Reported:
- Responsible:
- Contact Information:
- Incident ID:
2. Incident Description
- Summary of Incident:
- Type of Incident:
- [ ] Malware
- [ ] Phishing
- [ ] Unauthorized Access
- [ ] Data Breach
- [ ] System Outage
- [ ] Other: ____
- Date/Time Incident Occurred:
- Affected Systems/Applications:
- Affected Users/Departments:
3. Detection Details
- How was the incident detected?
- Detection Source:
- Initial Indicators:
4. Containment
- Immediate Containment Actions Taken:
- Responsible Personnel:
- Date/Time Actions Taken:
5. Eradication
- Root Cause Identified:
- Vulnerabilities Exploited:
- Eradication Steps Taken:
- Date/Time Completed:
6. Recovery
- Systems Restored?
- [ ] Yes
- [ ] No
- Recovery Actions Taken:
- Validation Steps:
- Date/Time Systems Returned to Service:
7. Impact Assessment
- Data Exposed/Compromised:
- Business Impact:
- Regulatory/Compliance Impact:
- Estimated Downtime:
- Estimated Financial Impact:
8. Communication
- Internal Notifications:
- External Notifications:
- Law Enforcement Contacted:
- [ ] Yes
- [ ] No
- If yes, agency and contact:
9. Lessons Learned
- Summary of What Worked Well:
- Summary of What Failed or Needs Improvement:
- Recommended Long-Term Fixes:
- Policy/Procedure Updates Needed:
10. Final Approval
- Incident Handler Name/Signature:
- IR Manager Name/Signature:
- Date Completed:
Attachments
Logs, screenshots, reports, timestamps, and any supporting documentation should be included here.