General Incident Reporting

What You'll Learn

• Distinguish between security events, potential incidents, and confirmed incidents to calibrate reporting thresholds
• Complete an incident report form with the specific details that security teams need for fast triage
• Identify the correct reporting channel, whether that is a ticketing system, phone hotline, or direct escalation
• Understand why reporting speed directly impacts containment effectiveness and overall organizational damage
• Overcome hesitation about reporting uncertain or low-confidence security observations

Training Steps

1. A Normal Thursday Morning

   Welcome to ClearView Security! You are Alice, a project coordinator who manages client documentation and schedules. Today, you'll learn about recognizing and reporting security incidents - events that could indicate a threat to company data, systems, or people.

2. An Unusual Alert

   While reviewing your morning emails, Alice notices an automated security alert from ClearView's IT systems. The email reports a login to her account from an unfamiliar location.

3. Analyzing the Alert

   Alice examines the security alert carefully. Several details stand out as concerning.

4. Recognizing the Warning Signs

   Alice reads the alert carefully. She was asleep at 3:47 AM and has never been to Jakarta. This login wasn't her. Her mind races with questions: Was it a system glitch? Should she wait to see if it happens again? Or should she report it immediately?

5. Deciding to Report

   Alice recalls her security training. A security incident is any event that could compromise confidential data, allow unauthorized access, disrupt operations, or violate security policies. The suspicious login clearly fits this definition. She decides to report it immediately using the link provided in the security alert.

6. Accessing the Incident Portal

   Alice opens the company's internal incident reporting portal. She uses her password manager to log in securely - a good habit that ensures she's using strong, unique credentials.

7. Selecting the Incident Type

   The incident reporting form displays several categories. Since Alice experienced an unauthorized login from a foreign location, she needs to select the appropriate incident type. The suspicious login from Jakarta is clearly an Unauthorized Access attempt.

8. Completing the Incident Report

   With the incident type selected, Alice provides a clear, factual account of what happened, including the time, location data from the alert, and the fact that she did not authorize this login.

9. Immediate Response Actions

   After submitting her report, Alice receives confirmation that the security team has been notified. The system recommends immediate steps: change your password and review recent account activity. Alice knows that quick action can limit damage from a potential breach.

10. Changing Credentials

    Alice uses the company's password manager to generate a strong, unique password. She knows that if her old password was compromised, changing it immediately is critical to preventing further unauthorized access. The form requires her current password to verify her identity before allowing the change.