First Response Form Template

You can submit an incident response ticket by sending an email to Information.Security@dartmouth.edu. Make sure the following is included:

• Type of Incident
• Incident Timeline
• Who reported?
• Detailed description of the event

Type of Incident 

• Note all types that apply:

1. System Compromise
2. Credential Compromise
3. Network Attacks (DOS, Scanning, Sniffing)
4. Malicious Software (Viruses, Worms, Trojans)
5. Equipment Theft or Loss
6. Unauthorized Physical Entry
7. Social Engineering Attacks (Phishing)
8. Policy Violations
9. Third-Party Security Incident (Cloud Service or Partner Network Breach)

Incident Timeline

• Dates/times (including time zones) for the incident occurrence (if known), discovery, initial report, and closure

Who reported?

• Contact Information for the Incident Reporter:
  • Full name and NetID
  • Organizational unit/department
  • Email address
  • Phone number
• If an automated system reported the event:
  • Name of software package
  • Name of the host where the software is installed
  • Network address
  • Physical location
• If a third party reported the event:
  • Through email - Include full email notice
  • Via phone call - Name, organization, phone number and email address of caller

Detailed description of the event

• Include as much information as possible:
  • Description of the incident (how it was detected, what occurred)
  • Description of the affected resources
  • Description of the affected organizations
  • Estimated technical impact of the incident (i.e. data deleted, system crashed, application unavailable)
  • Summary of response actions performed so far
  • Other organizations contacted