Annexes H & I
FIRE records which resources were affected (Annex H) and which of their security properties were compromised (Annex I) — from the Intermediate phase. Multiple types and properties may apply.
Classification of the resources affected by the incident, structured as a two-tier hierarchy.
| Category | Type | Description |
|---|---|---|
| People | — | Human resources — employees, contractors, or other individuals whose actions, access, or availability were affected by the incident. |
| Property | — | Physical assets — including buildings, facilities, and physical equipment not classified as ICT or OT hardware. |
| Technology | ICT Hardware | Information and communications technology hardware — servers, workstations, storage devices, networking equipment, and other ICT infrastructure. |
| OT Hardware | Operational technology hardware — physical systems that monitor or control industrial and physical processes, such as embedded controllers or SCADA systems. | |
| Software | Applications, operating systems, firmware, or other software components — whether off-the-shelf, custom-built, or sourced from a third party. | |
| Information | Datastore | Structured data repositories — databases, data warehouses, or other organised collections of data accessible by systems. |
| File-based | Unstructured or semi-structured information stored as files — documents, spreadsheets, logs, configuration files, and similar artefacts. | |
| Code | Source code, scripts, or compiled executables owned or managed by the entity. | |
| Third-party Library | Externally sourced software libraries, components, or packages incorporated into the entity's systems. | |
| Archived | Information held in long-term storage or backup systems — not in active use at the time of the incident. |
The security properties of the affected resources that were compromised by the incident. Based on the extended CIA triad used in information security frameworks.
| Property | Description |
|---|---|
| Availability | The resource was not accessible or usable by authorised parties when needed — for example, systems taken offline or data rendered inaccessible. |
| Integrity | The accuracy or completeness of the resource was compromised — data was modified, corrupted, or destroyed without authorisation. |
| Confidentiality | Information was disclosed to or accessed by parties who were not authorised to receive it. |
| Authenticity | The genuine origin or identity of the resource could not be verified — for example, spoofed communications, forged credentials, or tampered artefacts. |
| Accountability | Actions taken on or with the resource could not be reliably attributed to specific entities — for example, due to disabled logging, audit trail manipulation, or compromised identity controls. |
| Non-repudiation | It is not possible to prove or deny that a particular action was taken by a particular entity — for example, because of missing or altered audit evidence. |
| Reliability | The resource did not perform its intended function consistently — for example, intermittent failures, degraded performance, or unpredictable outputs. |