Documenting Cyber Security Incidents

Organizations often record cybersecurity incidents to track employee workload, satisfy auditors, fulfil reporting requirements, or to analyze cyber risk. While security incident databases are often neglected, they contain invaluable information that can be leveraged to assess the threats, vulnerabilities, and impacts of cyber attacks, providing a detailed view of cyber risk in an organization. This paper emphasizes what data is useful for a risk assessments and how data should be recorded.