
Security Incident Report – How to Guide – 6 Steps

Security incident reporting is crucial to a successful security operation. The following six easy steps will help you quickly learn how to write an incident report. Security incident reporting systems, such as SIRV, are great enablers but, as the old saying goes, crap in, crap out.

 


What is a security incident report?

A security incident report is an account of an untoward event. Often we associate it with injuries and accidents involving people, as found in a security guard incident report. However, incident reports are also used for other negative events. For example, they are used to record information security breaches.

Below are six memorable steps on how to write a security incident report.

1) What to write

An incident report should answer six easy-to-remember questions (you might spot that this article answers the same questions):

  • What happened?
  • Where did it happen?
  • Why did it happen?
  • Who was involved or witnessed the incident?
  • When did it happen?
  • How did it happen?

Back in 1900 Rudyard Kipling wrote a poem named Six Honest Serving Men; the extract below is from the poem. Learning the extract will help you remember the list of questions to ask:


Incident reporting software for security will provide templates to help you with reporting. 


2) When to write the report

Because memories fade, it’s important to write a security incident report while the incident is fresh in the mind. For this reason, an incident report is often produced in two stages:

  • Preliminary report, written straight after the incident.
  • Full report, written over the next few days.

By publishing the preliminary report straight after the incident you quickly make interested parties aware of it. A full report is likely to be more comprehensive than a preliminary report.


3) Where to write the report 

Many people write their report at the location of the incident, ‘in the field’.

In the first instance you can record the incident using any storage device; for example, an audio or video recording may be appropriate. It’s important to capture information while it’s fresh in people’s minds. If that means you need to write your findings on a napkin and write up the report later, that’s fine.

Most report writers will use a paper or digital form, enhanced by media, to publish their findings.


4) Who should write the report?

In some organisations, report writing is the responsibility of designated people, regardless of whether they attended the incident scene. If you are writing the report, it’s important that you gather information from other people involved in the incident.

This may mean talking to people at the scene, CCTV controllers and other related parties. Incidents will often be the result of a chain of events, some of which may not be obvious at first.


5) How should you write the report?

Report writing is a skill developed over time. A well-written report is easy to follow, objective and truthful. These tips will help you become a better report writer.

Order

Write the security incident report in chronological order, detailing events in time sequence from past to present.

Facts not Fiction

Record the facts rather than a story or narrative. For example, imagine one evening you’re out walking and you discover an injured person lying in the street. You spot someone running away from the scene. Many people would assume the person running away is the assailant (this is what we see in movies all the time). However, the person running away could be someone running for help.
We are tempted to assume the person running from the scene is responsible for the person’s injuries because this is a familiar story. However, report writing is not storytelling. Record the incident as you find it; don’t apply judgments. Use the same rule when taking witness statements.

No Lies

Be honest, even if you’re not proud of your actions.


6) Why you should write a security incident report

An incident report helps us learn from our mistakes and make the world a better place. By simply writing down the sequence of events we are creating an external account that can aid legal or civil proceedings. Incident reporting software for security will help with this process.

Writing a report can appear daunting and time-consuming, but it’s a hugely valuable exercise. Everyone from your manager to the CEO could benefit from the report you write.
