What is a Security Incident Report?

A Security Incident Report is an essential document used to keep track of any untoward security incidents that occur in a workplace or an organization, such as theft, vandalism, etc. It is a detailed report of the events leading up to the incident that took place. Reporting these security incidents is a crucial part of letting the workplace manage and prepare to deal with such incidents should they ever occur again, as it ensures that all security incidents are tracked, captured, and dealt with by the workplace or organization. Should they fail to track such incidents, they won’t be able to manage them.

What are some examples of Security Incidents?

It is also important to note that there are various types of security incidents, ranging from minor to severe. Here are some examples:

Theft. Theft is defined as the unlawful act of taking away someone else’s property without permission or consent, with the specific intention of depriving the owner of said property. Examples of theft include grand theft and merchandise theft.

Vandalism. Vandalism is defined as the act of deliberately damaging or defacing public or private property. This willful or malicious act usually lowers the value of the damaged property. Examples of vandalism include slashing someone’s car tire, defacing park benches, or breaking someone’s window.

Harassment. Harassment is defined as any unlawful behavior which you find offensive or that makes you feel intimidated. It is also prevalent in the workplace, and some examples of it include derogatory jokes, racist slurs, and personal insults. It can also involve physical attacks or threats.

Insider threat. An insider threat involves people with legitimate access to a company or organization’s confidential data and systems who deliberately leak said data for personal gain. The leak may also happen accidentally.

Password attack. Password attacks typically involve password cracking software used to expedite guessing someone’s password. Common methods include brute force password attacks, keylogger attacks, dictionary attacks, and password stuffing.

Physical attack. Physical attack is defined as the act of deliberately harming and striking another person against his or her will, such as punching and kicking him/her. In other definitions, it can also be defined as intentional offensive actions that aim to destroy, disable, or steal physical assets such as infrastructure or hardware.

Terrorism. Terrorism is defined as the unlawful use of violence in pursuit of political aims. It can be classified as international, where it is usually state-sponsored, or domestic, where it is driven by local domestic influences such as politics and religion.

Phishing. Phishing is defined as a type of social engineering attack that is often used to steal a user’s data, particularly sensitive information such as login credentials, bank account numbers, and card numbers. The scammer usually disguises it as an email or a message that the victim wants or needs, such as a request from their bank, and tricks the victim into giving away his/her credentials.

What Is Included in a Security Incident Report?

The contents of a security incident report usually differ from one workplace or organization to another. Here are the most common contents that are included in a security incident report:

Directions. This section states the directions on how to fill out the form in case the person who writes the report is unfamiliar with the procedure, and who to contact in case there is another significant development while writing up the report.

General Information. This section typically includes the name of the organization or workplace, their contact details, their email address, as well as their physical address.

Incident Reporter Information. Includes the details of the person reporting the incident, such as their name, contact information, address, their department, their title, and the division or office that he/she is working for.

Incident Description. This is where the incident is written, in a clear and concise manner. It can be done in a paragraph summary, in a detailed timeline format, or, in some forms, as a survey-questionnaire-style checklist with many choices, each with a checkbox that can be ticked off by the incident reporter. It can also include spaces for the names of the people involved in such incidents, such as the names of the perpetrators and the people they harmed, if any. This also typically includes spaces for the place, date, and time when the said security incident took place.

Actions Taken. This section details the actions that were taken by the investigators in dealing with the security incident, along with their corresponding results.

Recommendations. In this section, the person filling out the form, usually with the aid of the investigators that dealt with the incident, writes their recommendations on how to prepare for a similar incident in the future, or how to prevent it from happening entirely.

Signature. This is the last part of the form and is where the investigator or the person who is filling out the form affixes their name and signature, as well as the date the form was completed.

How to Properly Write a Security Incident Report

Writing a Security Incident Report can be a daunting task to perform for some people, especially if this is their first time writing one. It can also be the least favorite part for those people who are working in the security sector. Being guided by the instructions written in the incident report can be a massive help for them. If not, then hopefully these steps can help:

1. Gather as much information as possible.

Ask as many people as you can who saw the incident happening for details. Then gather all the necessary data, such as the date, time, and location of said incident. If they give you permission, also include the names, the departments, and contact details of the people you’ve interviewed during the information gathering. Including their contact details enables the authorities to contact them should they have any further questions or developments regarding the incident that took place.

2. Fill up your personal details.

As you begin writing on the report, it is also important to write your personal information in the spaces provided, including your name, contact details, your company details, and your home address. This enables the investigators to know who wrote the security incident report, and also enables them to contact you for further information, or to ask for clarification should they find any inconsistencies in your report.

3. Write what actually happened.

This is where you write the events that actually took place. Remember to stick to the facts of the incident, and never, ever include your own opinions. You should only write the facts that you are 100% sure took place. You can also write down all the information that you have gathered from the people you’ve asked. Also remember to use as little technical jargon as possible, so that your report is easily understood by the investigators. You should also format the report properly, and avoid writing a very long paragraph so that your report is easier to read. You can also include here a timeline of how the security incident occurred. In writing the incident, you can remember the 5 Ws (What, Where, Why, Who, When) and 1 H (How) to make the report more authentic and credible.

4. Verify and proofread.

Once you’ve completed writing the security incident report, it is important to double-check what you’ve actually written in your report for missing information and facts, for story inconsistencies, and for grammatical errors. Make sure that all the events that you’ve written match what actually happened, and all the facts, names, and dates that you’ve listed down are factual. This is your opportunity to polish your written report because any unseen typographical error can be detrimental to the progress of the investigation and may change its outcome.

5. Submit the report to the authorities.

Once you’ve double-checked the security incident report you’ve written, and you’re confident that everything in the report is true and correct, it is now time to submit your report to the investigator or to the authorities, so they can begin their investigation and provide their appropriate recommendation report and feedback. Be sure to have your lines ready in case they contact you during the investigation period.


Why should someone make a Security Incident Report?

Creating a security incident report enables us to create an external account of the incident that occurred, which can be of great help to the legal proceedings that will follow. Having such an incident reporting system in place also helps the organization or the company to enforce its own security policy. By also developing a reporting culture in the workplace, the chances of a simple incident transforming into a full security event also get reduced greatly.

Should any incident be reported, even if it is a very small one?

Yes, security incidents of all types must be reported and tracked. It is important to do so because reporting incidents is an essential part of a workplace’s security management program. These reports are stored and are eventually used as evidential documentation to serve as proof that the workplace regulations and standards are properly complied with by the workplace. Employees should also be frequently reminded of the security incident reporting process, no matter how small the incident may be.

What happens to a security incident report after it has been filed, and investigation is concluded?

In most cases, a summary of every security incident report that has been filed within a certain period of time is compiled on a yearly basis. Sometimes, it is also compiled every 6 months. The summary is usually distributed among the members of the company’s senior management team.

Making an ideal security incident report is important because it can be turned over to the appropriate law enforcement authorities and can aid in the process of a trial should the suspect or suspects involved have charges filed against them. One should also be careful in creating said report, as the words written in it can prove to have a massive impact on the people involved in the incident that was recorded. It can be a daunting task at first but knowing how to write one is usually good practice in keeping the company or organization’s security management system in top shape. If you struggle to make one for yourself, there are examples above that you can use as a guide.