
Security Incident (SI) Register

Incident # | Incident Type | Source Reference | Severity (1/2/3/4) | Priority (1/2) | Date & time Raised | Date & time reported to SCA | Date & time Closed | time/Days elapsed for open SIs | Duration | Raised By | Status (Closed/Open) | Description | Resolution Owner | Corrective & Preventative Action taken - incident handling | Resolution | Cause | Defect Source
Priority Levels for Incidents and Problems

Incidents

a) Impact

The following table applies to all Security Incidents.

IMPACT: Security Incident

HIGH

· Denial of Service (Denial of Service or distributed denial of Service attacks.)
· Hacking (Reconnaissance or suspicious activity, excluding malware.)
· Compromised Asset (A compromised host, network device, application, or user account. This is inclusive of malware infections where an attacker actively controls the system (root access, Trojan, rootkit).)
· Compromised Information (Attempted or successful destruction, corruption, or disclosure of Group information or intellectual property.)
· Unlawful activity (Theft/fraud/human safety/child exploitation. Incidents that are of a criminal nature or are likely to involve law enforcement or international investigations.)

MEDIUM

· Malware (Malicious software, such as a virus or worm, affecting multiple devices. This excludes compromised hosts where an attacker actively controls the system (compromised asset).)
· Acceptable Use Violations (Possession or sharing of offensive/copyright material. Intentional violation of Information Security policy. Inappropriate use of Group assets such as computers, networks, or applications.)

* All of the types of information referred to in the above rows have the meaning given to them in the SCA's Information Security Classification Guidelines.

b) Urgency

(i) Security Incidents

The following table applies to all Security Incidents.

URGENCY: Security Incident

HIGH

· Medium Protected Data or High risk systems being targeted.
· Large number of targeted or vulnerable systems.

MEDIUM

· Highly Protected Data or High risk systems being targeted.
· Large number of targeted or vulnerable systems.
· Externally accessible systems.

* All of the types of information referred to in the above rows have the meaning given to them in the SCA's Information Security Classification Guidelines.

c) Priority Level

Priority Levels for Incidents are determined on the basis of both the impact and urgency, as follows:

PRIORITY LEVELS

              Urgency
Impact        High    Medium    Low
High          1       2         3
Medium        2       3         4
Low           3       4         4
