Create a Security Incident

A Security Incident is defined as a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices. Security Incidents can only be opened through a Security Event.

The following security rules apply specifically to Security Incidents:

  • The Default Owner team is Security Incident.
  • The user who opened the Security Incident is added to the Granted Users list (and associated tab). Only users who are in the Security Manager security group and/or are on the Granted Users list can view/modify a Security Incident (once security groups are set up as outlined in Configuring Cherwell ISMS).

To create a Security Incident:

  1. Open the Security Event.
    1. Select the Escalate to Security Incident link in the Actions list.
      A prompt opens for a Security Incident description.
    2. Enter key details in the Security Incident Description field, and then select OK.
    3. Fields in the Detection and Analysis sections are populated from the Security Incident. Fill in any additional information in this area, as appropriate.
    4. Select a Security Incident owner from the Assigned To drop-down list.
    5. Select the Next: In Progress link under Status.

You are now ready to begin work on the Security Incident.