Create a Security Incident
A Security Incident is defined as a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices. Security Incidents can only be opened through a Security Event.
Security Incidents have the following specific security rules against them:
- The Default Owner team is Security Incident.
- The user who opened the Security Incident is added to the Granted Users list (and associated tab). Only users who are in the Security Manager security group and/or are on the Granted Users list can view/modify a Security Incident (once security groups are set up as outlined in Configuring Cherwell ISMS.
To create a Security Incident:
Open the Security Event.