Free ebook: NIS2 ready using ISO 27001 best practices
Download ebook
Academy home
Incident management: Extension for employee security incident reporting through Guidebook

In general, the goal of incident management in cyber security is to provide a structured and efficient approach for detecting, responding to, and resolving security incidents. Incident management allows organisations to effectively mitigate the impact of cyber attacks or security breaches by minimising i.e. downtime, containing the incident, and restoring normal operations rapidly.

How can the incident reporting function in Cyberday help your organisation?

There are a lot of different incident scenarios and it can be difficult to notice one without the help of your employees. If i.e. one of your employees has lost the working laptop or it got stolen, it is important that your employee knows what to do when and how to act.

As your employees already have all the security guidelines available in the Guidebook, you might want to expand this section to include incident reporting workflows too. In this way employees can report incidents in the same place where they read security guidelines, allowing you (the admin) to reach the info in a structured way and fast. This can give both, you and your staff, the safety of knowing there is a process for reporting incidents instead of "uncontrolled panic".

How can you activate the incident reporting function?

Where to find this view: Dashboard -> Organization name drop down -> Employee actions on Guidebook

You can activate the reporting feature by doing the following steps:

  1. Go to Organisation dashboard
  2. Open the settings
  3. Next to the headline " Employee actions on Guidebook", click "Expand" and then move the slider under "Employee input for Security incidents" to the right to enable this function

The incident reporting feature is now enabled and will be visible in the Guidebook.

How can employees report incidents?

You employees can simply report incidents in their own Guidebook in Cyberday, if the feature is activated. It is a good idea to create a guideline for your employees describing how to act and how to report incidents. Like this, you can make sure that this feature will be used in the case of an incident.

To report an incident, all they need to do it clicking on the "Report an incident" on the left on top of the guideline themes. A pop up window will open for filling in the specifics of the incident. There is a list of pre-choices or the option to write an own incident, in case it is not listed in the list (see screenshot below).

Once the incident is filled, the employee needs to click "Add incident" to get to the next step. In this step, some more information are required. What was the type of the incident (i.e. stolen device) and was it intentional? Was this caused external or internal? Was this also a personal data breach? You can also add associated information assets from your ISMS by clicking "Edit" or add an own explanation below.

When adding associated information assets, the view looks like this.

How do admins get notified?

Where to find this view: Dashboard -> Theme: Incident management -> Documentation -> Security incidents

The admins selected for the incident management section will receive an immediate notification (i.e. via MS Teams or Slack, if the integration is activated) once an incident is reported. You can find the incident notification in Cyberday from the theme "Incident management" in the organisation dashboard. Click on the theme and then click on "security incidents" on the right.

Once you have clicked on "Security incidents", a documentation list with all of the reported incidents will open. Tip: You can also select multiple list owners to be notified (see screenshot below). By clicking on an incident from the list, you can click on it to see the details and accept it to keep it in the incident list and continue to the treatment.

How does the incident treatment continue?

You can continue the incident treatment in Cyberday. If an incident has happened, you should work on it, so this kind of an incident can be avoided in the future. You can watch a video about incident and improvement here. Once you have accepted the incident, you have to fill in more information, i.e. how critical that incident is for your organisation and and how it will be treated.

One of the most important steps in the treatment is the improvement afterwards to avoid this kind of an incident in the future. What are we adding to our ISMS to lower the risk of this kind of an incident? You can always find examples and templates with best practices from our library in Cyberday. Improvements can be done i.e. by creating new tasks to work against those kind of incidents. Do you have any questions about this topic? Contact our team or check our other Academy articles!

Questions and feedback

Do you have any further questions, would need another help article or would like to give some feedback? Please contact our team via or the chat box in the right lower corner.


Share article