Security Incident Reporting is used after determining a true security incident has occurred; processing workflows to assign tasks for collecting evidence and determine additional action steps for reporting. If it's a basic virus or phish event/alert, with no compromise, use Information Security Investigation.