Create a Security Incident
A Security Incident is defined as a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices. Security Incidents can only be opened through a Security Event.
Security Incidents have the following specific security rules against them:
- The Default Owner team is Security Incident.
- The user who opened the Security Incident is added to the Granted Users list (and associated tab). Only users who are in the Security Manager security group and/or are on the Granted Users list can view/modify a Security Incident (once security groups are set up as outlined in Configuring Cherwell ISMS).
To create a Security Incident:
- Open the Security Event.
- Select the Escalate to Security Incident link in the Actions list.
  A prompt opens for a Security Incident description.
- Enter key details in the Security Incident Description field, and then select OK.
- Fields in the Detection and Analysis sections are populated from the Security Incident. Fill in any additional information in this area, as appropriate.
- Select a Security Incident owner from the Assigned To drop-down list.
- Select the Next: In Progress link under Status.
You are now ready to begin work on the Security Incident.