Has anyone seen, and can they direct me to, a generic incident report form (like a database or fill in the blank form) for things like discovered security compromises? My google-fu has failed me. I'm writing up a PCI compliant security policy, and need an incident report form so that we have something to refer to, and know what sort of concrete data needs to be kept for posterity.
Thanks! Looks like I was using less than adequate search terminology.
eta: Ooh, I could just hug you! Some of the document have check lists and guidelines for me to set up an annual appraisal of our security measures, and to find out how to further secure our sites.