Security Incidents

All security-related incidents in the organization, such as data breaches, policy violations, phishing, and theft, can be reported using Security Incidents.

Creating a Security Incident

1. From the workspace menu, click Security Incidents.

2. Click New and either select a template or select Create a New Record.

3. Enter information into the fields:

Summary and Description.

Category - Based on the category, a relevant workflow is applied and initiated. Select the Workflow Instance tab to view the workflow. You can abort or pause the workflow and resume it when paused.

If the Security Incident involves sensitive data, select the Is Sensitive Data Lost/Stolen? or Sensitive Data Breach check box. The check box displayed depends on the incident category.

If the Security Incident is a phishing attack, select the Phishing Attack? check box. This check box is displayed only when the Category is Phishing.

4. Click Save.

Tabs in Security Incidents

If you do not see some of the tabs listed here, they may be hidden. Click the icon at the right corner of the tabs list and select the tab you wish to un-hide.

Task - Based on the workflow, tasks are automatically added to the Security Incident. You have to complete the tasks to resolve the incident. Additionally, you can add more tasks as required.

Other actions you can perform for Tasks are - Accept, Reject, Cancel, Reassign, Waiting, Continue, and Complete.

Confidential Participants

This tab is available only when you select the Confidential check box.

You can limit access to the Security Incident to selected users by adding Confidential Participants.

Events - Link events to the Security Incident. On linking an Event, a Child Security Incident will be created. To view it, click the Child Security Incidents tab.

Child Security Incidents - Link an existing incident or create a new incident as a child incident to the Security Incident.

CI - Link the Configuration Item that is lost, stolen, or involved in any other way to the Security Incident.

Problem - Create a new problem or link an existing problem to the Security Incident.

Change - Create a new change or link an existing change to the Security Incident.

Contract - Link contracts to the Security Incident.

Activity History - The history of all emails is displayed here. This includes emails you've sent to users, as well as system-generated emails.

Checklist - Create new checklists or link existing checklists for the Security Incident.

External Task - Create tasks or link existing tasks to the Security Incident that need to be completed by an external team.

Attachment - Attach files or add URLs.

Cost Item - The cost of the Security Incident is managed in this tab. You can either add a cost item from the existing list or create a new cost item.

Knowledge - Create knowledge articles or link an existing article to the Security Incident for reference.

Escalation Watch - All escalation records are displayed.

Audit History - Displays the important changes made to the Security Incident such as when the Summary or Description is modified, and when the Status is updated.

Workflow Instance - Displays the workflow used for the Security Incident. You can Abort, Pause, and Resume the workflow.

Approval - Create new or link existing approvals to the Security Incident.

Related Posts - Link or unlink related posts to the Security Operations.