When to use this
Use this record when malware is suspected or confirmed and the organization needs evidence of detection, containment, cleaning/rebuild, verification, and lessons learned.
Related controls
- A.8.7 Protection Against Malware
- A.5.26 Response to Information Security Incidents
- A.5.27 Learning from Information Security Incidents
Incident record
| Field | Value |
|---|---|
| Record ID | TBD |
| Date/time detected | TBD |
| Asset/user affected | TBD |
| Detection source | TBD |
| Malware/symptom | TBD |
| Initial impact | TBD |
| Containment action | TBD |
| Cleaning or rebuild action | TBD |
| Verification performed | TBD |
| Data/access impact reviewed? | Yes/No |
| Closed by | TBD |
| Lessons learned / corrective action | TBD |
Minimum checks
- Detection was recorded.
- Asset was contained where needed.
- Cleaning or rebuild was completed.
- Recovery was verified.
- Related credentials or access were reviewed where needed.
- Lessons learned or corrective action was recorded.
- Template
- Iso27001
- Technological controls
- Incident response
- Malware protection
Note Metadata
Aliases: Malware Incident Record
Source: 90 Templates/Malware Infection Response Record.md
Related Notes
- ISO 27001 A.5.26 - Response to Information Security Incidents
- ISO 27001 A.5.27 - Learning from Information Security Incidents
- A.8.7 Audit Evidence Pack
- ISO 27001 A.8.7 - Protection Against Malware
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- A.8.7 Audit Checklist
- Templates MOC