Defence Signals Directorate

Defence Signals Directorate ISIDRAS – IT Security Incident Reporting Form

1. CLASSIFICATION DETAILS  Classification of incident report: ______ Classification of system attacked: ______ ISIDRAS category: 1 (N.B Does not need to be reported) 2 3 4

2. CONTACT DETAILS  Agency Name ______Street no. ______Street Name ______ Address Suburb/City ______State _____ Postcode _____  Reporting Officer Name ______Ph _____ Fax ______Position ______Mobile _____ E-Mail _____  Alternate Contact Name ______Ph _____ Fax ______

3. ASSISTANCE REQUIRED  The Information Security Group at the Defence Signals Directorate (DSD) can assist you with incident containment, eradication, recovery and follow up. Please indicate your agency’s interests: Advice only Investigation by DSD Forensic analysis Log analysis IT security review Policy review Other (Please specify)

4. INCIDENT TIMING Date incident started ______DD/MM/YY Time _____ 24 Hours Date incident identified ______DD/MM/YY Time _____ 24 Hours Is the incident continuing? YES NO Date incident stopped ______5. INCIDENT TYPE  Select the Incident Type and give details Hacking via public network Hacking from internal/private network Theft Server compromise Website defacement Equipment loss Software piracy Wilful misuse

Port scan Give details including source IP address and ports Denial of service Virus/Worm/Trojan Root kit or Warez tool

6. INCIDENT STATUS  Select one status Suspected Unsuccessful Successful Accidental Deliberate

7. INCIDENT CAUSE  Select one cause or provide details Natural disaster Outsider Staff Unknown Other

Contractor

8. INCIDENT IMPACT  Select an impact or provide details Confidentiality compromise Availability affected Content stolen Content altered Other

9. AFFECTED SYSTEM  Select a system or provide details Router Firewall PC Mainframe Server Please specify type ______

Other 10. OTHER COMMENTS Please consider the following and provide as much detail as you can  Rate the sophistication of the incident  Can you identify the attacker?  What action has been taken to prevent recurrence?

11. REPORTING INSTRUCTIONS  Complete and unclassified forms can be Posted to: ISIDRAS Information Security Group Locked Bag 5076 KINGSTON ACT 2604 Faxed to +61 2 6265 0328  Unclassified details can also be relayed to the Information Security Group via E-mail: [email protected] Telephone: +61 2 6265 0197  Classified details should be relayed in accordance with handling procedures outlined in the Protective Security Manual. Information provided remains confidential within DSD and is never disseminated except in aggregate.