The objective of the study is to analyze the methods of describing a computer incident in the field of information security when identifying illegal events and testing cyber-physical systems to improve the quality of work with documentation when protecting cyber-physical systems. To achieve this goal, it is necessary to develop a format for describing incidents. For this purpose, regulatory documents were analyzed, types of computer incidents and their classification were identified, incident criteria were defined, and the degrees of criticality of the consequences when they occurred were identified. A document was developed to describe the incident. These studies are carried out in conjunction with work on developing methods for monitoring and testing the security of cyber-physical systems for automatic detection of illegal operation and (or) abnormal operation in a cyber-physical system. Based on the research results, an algorithm of actions and methods for identifying and preventing the consequences of computer incidents will be formed, due to which it will be possible to increase the security of cyber-physical systems.

Keywords: information security event, computer incident, information system, incident description, documentation generation, incident card, cybersecurity, cyber-physical system