Security incidents are events that fall outside the range of normal operational noise, surpass a pre-defined threshold and/or have a negative impact on the overall security posture of the network, data, systems or organization. A computer security incident is an accidental or malicious action or event that has the potential to cause unwanted effects on the confidentiality, integrity and availability (CIA) of an organization’s information and IT assets. Therefore, a security “incident” can be defined as any situation that has negative repercussions on the CIA of a company’s electronic information assets. This piece details guidelines and best practices to follow when defining a security incident.
Security Events vs. Incidents and CIA
Many organizations often struggle to differentiate between computer security “events” and actual “incidents.”
The determination of whether an anomaly is an event or an incident is based on whether the CIA of a system or data has been affected. It doesn’t matter if the action or event was accidental or malicious. If it has the potential of causing unwanted effects on the CIA of the organization’s information and IT assets, it qualifies.
Therefore, a security “incident” is defined as any situation with negative repercussions on the CIA of a company’s electronic information assets. In addition, the classification level of the affected data plays a role in determining the incident’s severity level.
READ: How to Prepare for SEC’s Cyber Disclosure Rules
Guidelines to Define a Security Event or Incident
The determination of whether an event is an incident should be made using the following guidelines:
- Has confidentiality been affected?
- Has integrity been affected?
- Has availability been affected?
- Is it still occurring?
If the answer is ‘yes’ for any one of those four questions, an incident has occurred and should be declared so. If the answer is no, the anomaly should be classified as an event because none of the four criteria for an incident were met.
Cyber Security Incident Examples
Common examples of computer security incidents include:
- Successful attempts to gain unauthorized access to a system or its data (system compromise).
- Unwanted disruption or denial of service.
- The unauthorized use of a system for the processing or storage of data.
- Changes to system hardware, firmware or software characteristics without the owner's knowledge, instruction or consent.
- Lost or stolen mobile devices that contain sensitive information not protected by encryption.
- Sensitive or confidential information posted to the public internet.
- Violation of acceptable use policies or standard security practices.
With the SEC’s new cyber rules, the materiality of cyber risk is further emphasized. Cyber knowledge and disclosure in the business is the priority and the board’s role in cyber oversight along with the need for CISO expertise on public boards remains a key requirement. Download our CISOs as Board Directors, CISO Board Readiness Analysis to find guidance and compelling insights included in this year’s benchmark reports.
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in connection with such information, opinions, or advice.