Datasets
| Path name | Data Element | Definition | Data Type | Format |
|---|---|---|---|---|
| Number | Incident: Number, ID | A number which identifies a unique cyber security event. | Numeric | N(2) |
| Incident Classification | Incident: Classification, Indicator | An indicator of the level of urgency attributed to a cyber security event. | String | A(200) |
| Date and Time Discovered | Incident: Discovered, Date DD-MM-YYYY Time HH:MM | The date and time the cyber security event was first discovered. | Date/Time | DD-MM-YYYY HH:MM |
| Contact Information | Person: Contact Information, Text(200) | The contact information of the person who identified the cyber security event. | String | A(200) |
| Incident Type | Incident: Type, Text(200) | The type of cyber security event which has occurred. | String | A(200) |
| Incident Summary | Incident: Summary, Text(200) | A high level summary of the cyber security event. | String | A(200) |
| Incident Scope | Incident: Scope, Text(200) | A list of affected networks, systems and applications due to a cyber security event. | String | A(200) |
| Impact | Incident: Impact, Text(200) | A list of stakeholders affected by a cyber security event. | String | A(200) |
| Severity | Incident: Severity, Text(200) | A description of the impact the cyber security incident has on the organisation. | String | A(200) |
| Indicators of Compromise | Incident: Indicators of Compromise, Indicator | An indicator of a compromised item used in a cyber security event. | String | A(200) |
| Mitigating Factors | Response: Mitigating Factors Applied, Text(200) | A description of controls that have been implemented to contain/mitigate a cyber security incident. | String | A(200) |
| Response Description | Response: Description of Actions Performed, Text(200) | A description of the actions taken once a cyber security incident was identified. | String | A(200) |
| Prevention Steps Taken | Response: Prevention Steps Taken, Indicator | An indicator that action has been taken to prevent a cyber security incident from occurring again. | String | A(3) |
| Trusted Network | Incident: Trusted Network, Indicator | An indicator that the cyber security event occurred within a trusted network. | String | A(3) |
| Evidence Preserved | Incident: Evidence Preserved, Indicator | An indicator that evidence of a cyber security event has been retained. | String | A(3) |
| Policy Reviewed | Response: Policy Reviewed, Indicator | An indicator that organisational/system policy has been reviewed due to a cyber security event. | String | A(3) |
| Physical Location | Incident: Physical Location, Text(200) | The physical location of the cyber security event. | String | A(200) |
| Estimated Cost | Incident: Estimated Cost, Text(200) | The estimated cost of the cyber security event including containment and prevention. | String | A(200) |
| Date Closed | Response: Date Closed, Date DD-MM-YYYY | Date the response to the cyber security event was resolved. | Date | DD-MM-YYYY |
| Confidentiality Rating | Incident: Confidentiality Rating, Indicator | The level of compromise in Confidentiality of the system as a result of the cyber security event. | String | A(50) |
| Integrity Rating | Incident: Integrity Rating, Indicator | The level of compromise in Integrity of the system as a result of the cyber security event. | String | A(50) |
| Availability Rating | Incident: Availability Rating, Indicator | The level of availability of business assets to respond to the cyber security event. | String | A(50) |
| Cause | Impact: Cause, Indicator | The root cause of the cyber security event. | String | A(50) |
| Origin | Impact: Origin, Indicator | An indicator that the cyber security event originated from an internal or external source. | String | A(50) |
| Affect | Impact: Affect, Indicator | The identified area of the system which was affected by the cyber security event. | String | A(50) |
| Service Outsourced | Impact: Service Outsourced, Indicator | An indicator that an affected service is outsourced. | String | A(3) |
| Additional Comments | Incident: Additional Comments, Text(1000) | Multiple lines of free text comments can be recorded about a cyber security event. | String | A(1000) |
| Customer name | Customer: Name, Text | The name of the person is recorded as text. | - | - |
| - | - | - | - | - |
| - | Person—Age, Number | The age of person is recorded as Number. Code 123 | - |