Cyber Incidents

Logs information-security and cyber incidents (mfi.cyber.incident) - breaches, fraud attempts, outages and data exposures - with severity, impact and response timeline. It gives the board oversight of operational-technology risk and supports mandatory breach notifications. Each incident tracks containment, root cause and lessons learned.

Cyber Incidents
Cyber Incidents — live screen from the BridgeERP MFI Suite.

Workflow

  1. Open Cyber Incidents under Governance.
  2. Raise an incident with its category, severity and detection time.
  3. Record affected systems, data and customer impact.
  4. Track containment, investigation and root-cause findings.
  5. Close with lessons learned and any regulator notification logged.

Fields reference

Every field on this screen, drawn from the live data model.

FieldTypeRequiredDescription
Cbk Notify Required
cbk_notify_required
Yes/NoComputed: True when severity is high or critical.
Cbk Notify Due At
cbk_notify_due_at
Date & timeComputed: detected_at + 24h.
Cbk Notified Via
cbk_notified_via
TextHow the notification was delivered (email + ref).
Notification narrative
cbk_notify_text
Long textFree-text narrative sent to CBK.
Affected Records
affected_records
NumberEstimated number of customer records affected.
Affected members
affected_members_ids
TagsMembers whose data was potentially exposed.
Title
title
TextYesTitle
Kind
kind
Choice: Phishing, Malware / Ransomware, Credential Compromise, DDoS / Availability Attack, Data Breach, Insider Threat, Third-Party / Vendor Compromise, Misconfiguration / DriftYesKind
Severity
severity
Choice: Low — informational, Medium — material impact, High — significant impact, Critical — adverse impact (CBK 24h notify)YesSeverity
State
state
Choice: Detected, Assessing impact, Reported to Regulator, Contained, Resolved, Post-mortem complete, Cancelled / False positiveYesState
Detected At
detected_at
Date & timeYesDetected At
Has Message
has_message
Yes/NoHas Message
Reference
reference
TextReference
Detected By
detected_by
Link → res.usersDetected By
Detection Source
detection_source
Choice: SIEM alert, User report, Routine audit, Vendor notification, Vulnerability scan, OtherDetection Source
Cbk Notified At
cbk_notified_at
Date & timeCbk Notified At
Monetary Loss
monetary_loss
MoneyMonetary Loss
Currency
currency_id
Link → res.currencyCurrency
Containment Actions
containment_actions
Long textContainment Actions
Eradication Actions
eradication_actions
Long textEradication Actions
Recovery Actions
recovery_actions
Long textRecovery Actions
Root Cause
root_cause
Long textRoot Cause
Lessons Learned
lessons_learned
Long textLessons Learned
Contained At
contained_at
Date & timeContained At
Resolved At
resolved_at
Date & timeResolved At
Resolved By
resolved_by
Link → res.usersResolved By
Post Mortem Url
post_mortem_url
TextPost Mortem Url
Company
company_id
Link → res.companyCompany

Actions & buttons

Buttons available on this screen and what they do:

  • Start Assessment
  • Notify CBK Now
  • Mark Contained
  • Mark Resolved
  • Post-mortem Done

Status lifecycle

Records on this screen move through these statuses:

Detected → Assessing impact → Reported to Regulator → Contained → Resolved → Post-mortem complete → Cancelled / False positive

Notes & rules

  • Captures breaches, fraud, outages and data exposures.
  • Severity and impact drive escalation to the board.
  • Supports mandatory breach-notification timelines.
  • Root-cause and lessons-learned feed risk management.

Technical model: mfi.cyber.incident · Record: MFI Cyber / Security Incident

Was this page helpful?