How to Submit an Incident
-
Log into the TAMUS ISAO Portal at https://portal.cyber.tamus.edu.
-
Click + New and select Submit Incident Report.
-
Enter the following basic details for the incident and click Next:
a. Title: A short title that identifies the nature of the incident
b. Description: A thorough description of the incident's nature and scope, including any ticket/incident numbers from the affected member(s) and/or DIR SPECTRIM submissions
c. TLP: Designate the incident TLP:RED unless instructed otherwise
-
Enter the following additional information and click Next:
a. Affected Member(s): Select the affected system member(s)
b. Functional Impact: Identify the current level of impact on system member functions or services; refer to the chart on the Incident Notification Guidelines page for a detailed explanation of the options
c. Information Impact: Identify the type of information lost, compromised, or corrupted; refer to the chart on the Incident Notification Guidelines page for a detailed explanation of the options
d. Recoverability: Estimate the scope of time and resources needed to recover from the incident; refer to the chart on the Incident Notification Guidelines page for a detailed explanation of the options
e. Attack Vector(s): Any known method(s) used by the threat actor to effect the incident
f. Risk to Research Activities or Data: Check this box if any research activities or data were impacted due to the incident
g. Date of Detection: The date/time the activity was first detected
h. Number of Systems Affected: Identify the number of systems, records, and users impacted
i. Location: Identify the location(s) (campus, building, room, logical network, etc.) impacted
j. Threat Indicators: Provide any threat indicators, including signatures, IPs, emails, domains, etc. developed in relationship to the incident
-
Attach any supporting documents/images and click Next.
-
Preview the information to be submitted in the incident report and click Submit.