What Is a Security Incident?
A security incident in an organization is a serious event that can occur at any point from the desktop level to the servers and infrastructure that make the network work. It can be anything from an accidental action that results in a problem up to and including the downright malicious. Regardless of why a security incident occurred, the organization must respond appropriately.
A security incident can cover many different events, but to clarify what constitutes one, the following guidelines tend to apply:
• The result is the theft or misuse of confidential information of any type, such as customer information, patient information, or financial information.
• The event substantially affects the network infrastructure and services, for example their performance or security.
• The event provides unauthorized access to any resource.
• The event provides a platform for launching attacks against a third party.
Other events can and will be included on this list, depending on the organization and the environment in which it functions. For example, a company in the health care field would include additional events that pertain to patient information and unauthorized access to this information. A security incident can be thought of simply as an event or situation that adversely affects the security stance of the organization.