Skip to content

Security Incident Report Guide

This guide explains how customers should report security incidents for applications deployed via Game Warden. Prompt, accurate reporting helps Second Front assess, contain, and remediate risks quickly while meeting DoW security requirements.

When to report

Incidents such as suspected unauthorized access, attempted breach, exposure of sensitive data, malware, or other malicious activity.

Common incident types:

Incident Type Description
Data Spillage Confidential data is released into an untrusted environment.
Data Breach Unauthorized access, disclosure, or theft of sensitive data.
Malware Infection Installation and execution of malicious software.
Denial of Service (DoS) Intentional disruption of services.
Leaked Credentials Unauthorized exposure of authentication secrets (e.g., passwords, API keys).
Unauthorized Access Accessing systems or data without authorization.
Insider Threat Threats originating from employees or trusted individuals.
Phishing Attempts to gain sensitive information via deceptive communication that results in actual compromise.
Ransomware Malware that encrypts data for extortion.

Important

  • If your event falls under one of these categories, you must immediately report the incident to the Second Front security team.
  • If you’re not sure which category applies, report the event anyway. Our team will triage and route appropriately.

How to report

  1. Notify Second Front via the Support Portal. See Accessing the Support Portal for instructions.
  2. Select Report a Security Incident as the ticket category.
  3. Complete the ticket with the following information:
    • Summary: A short, descriptive title (for example, "Suspected Phishing Email in Marketing Dept" or "Unauthorized Login Attempt").
    • Time incident discovered: The date and time the incident was first identified, in DD/MMM/YY format (for example, 24/Apr/26).
    • Person reporting the incident: The name of the person submitting the report.
    • Company name: The full legal name of the organization.
    • Sensitive data exposed: Indicate whether CUI, classified, or proprietary data was involved in the incident. Select Yes if confirmed, No if ruled out, or Unsure if it cannot be determined at the time of reporting.
    • Incident category: The category that best describes the event, such as Data Breach or Insider Threat.
    • Affected application(s)/service(s): The specific software or platforms impacted.
    • Contact information: A phone number or secondary email where the Security Team can follow up immediately.
    • Description of incident: A clear timeline and technical summary of what occurred. Keep the description high-level to avoid inadvertently exposing CUI or PII.
  4. Click Create to submit the report.

Responsibility model

  • Platform-level response (Game Warden infrastructure): Managed by 2F.
  • Application-level response (your deployed apps): Managed by your team.
  • Some IR controls are partially inheritable, but primary responsibility for application-level security and recovery rests with the customer.