Security Incident Lost Equipment workflow template

The Security Incident - Lost Equipment - Template allows you to perform a series of tasks designed to handle lost equipment.

Before you begin

Role required: sn_si.write

About this task

The workflow is triggered when the Category in a security incident is set to Equipment loss. This action causes a response task to be created for the first activity in the workflow.

Lost Equipment Template

Procedure

  1. Open the security incident for the equipment loss, or create a new security incident.
  2. In Category, select Equipment loss.
  3. Save the record.
  4. Scroll down and open the Response Tasks related list.
    The first of a series of response tasks appears. Each time the record is saved, your response to the previous task either causes the next response task to be created or the workflow to end.
    Table 1. Response tasks in Lost Equipment Template
    Response task Action Results
    Did the equipment contain sensitive data? Determine whether the equipment associated with this security incident contained any sensitive or confidential information.

    In the task, select Yes or No in Outcome as appropriate.

    If you select Yes the Was the data encrypted? task is created.

    If you select No, the workflow ends.

    Was the data encrypted? Determine if the sensitive data on the lost device was encrypted.

    In the task, select Yes or No in Outcome as appropriate.

    If you select Yes, the Remote wipe created? response task is created.

    If you select No, the Create potential data loss incidentresponse task is created.

    Create potential data loss incident Perform the steps necessary to create a potential data loss incident.

    After you have finished, set the state of the task to Complete or Incomplete as appropriate.

    The Remote wipe created? response task is created.
    Remote wipe created? Perform the steps necessary to execute a remote wipe of the lost equipment.

    In the task, select Yes or No in Outcome as appropriate.

    The Legal process - Disclosure required task is created .
    Legal process - Disclosure required? Perform the steps to satisfy the legal requirements of this analysis.

    Select Yes if a legal disclosure is required, Noif it is not.

    The Lessons learned meeting task is created.
    PR process Perform the steps necessary to satisfy the PR requirements of this analysis.

    After you have finished, set the state of the task to Complete or Incomplete as appropriate.

    The Set state to review task is created.
    Set state to review No action is necessary. The State of the security incident is changed automatically to Review.
    Lessons learned meeting Conduct a lessons learned meeting to triage the work performed for this lost equipment incident.

    After you have finished, set the state of the task to Complete or Incomplete as appropriate.

    The workflow ends.