Concepts
Incidents - any event that negatively impacts the confidentiality, integrity, or availability of information or information systems. Specifically in this case, we're talking about those that can't necessarily be monitored automatically and require some level of manual input. For example: unauthorised access to a location or a clear desk policy violation.
Incident reports - The collection of data that is displayed as an output of various incidents being uploaded.
Key points
Overview of the incidents feature
Uploading relevant cyber security incident data and analysing reports in CybSafe couldn't be simpler. You can access this feature via the admin menu in Reports > Incidents.
The incident reports allowing you to track if you are improving over time and which common incident types need to be addressed.
Uploading incident data to CybSafe will not only allow you to track how incidents are changing over time and the patterns in common incident types, but also allow you to carry out historical analysis and improve overall risk management.
Incident reports
Incident reports will display data from a date range that is set via the filter at the top of the page. By default the date range is set to the last 30 days.
This will show the report as a comparison of the the selected period against the previous period. For example as a comparison of the last quarter vs the quarter prior to the selected one.
In the example report above, you can see:
The total number of incidents (far left),
How this figure compares to the previous 30 days by +/- and % increase or % decrease (shown highlighted in green).
The number of different incident types (middle)
How this figure compares to the previous 30 days by +/- and % increase or % decrease (shown highlighted in red).
Breakdown of incident types (far right).
The table below the report displays the list of uploaded incidents for the selected time period in the date filter and the impact.
Additional resources
