What is a security incident?
Did you know that all organisations are exposed to security incidents? They can originate internally or externally, although most of the time they occur for internal reasons or with internal collaboration. Let's go over what security incidents are and why they occur.
What is it?
A computer security incident is the occurrence of one or more events that threaten the confidentiality, integrity and availability of information and that violate the organisation's Information Security Policy, if it has one.
Why does it occur?
In all organisations there are weaknesses and/or vulnerabilities that can be exploited intentionally or unintentionally and cause the loss of confidentiality, integrity and/or availability of information.
Some examples of security incidents are:
- Leakage or disclosure of confidential information.
- Malware infection.
- Unauthorised access to information or systems.
- Destruction or corruption of information.
- Denial of service attacks (DoS or DDoS).
How can a security incident be identified?
There are many ways to identify a security incident. The main ones are:
- Adequately monitor systems, at least those that are critical to the business or contain sensitive or confidential information.
- Implement tools for correlation and log review of the main systems to detect possible security incidents or abnormal behaviour patterns.
- Implement a cyber-intelligence service that can detect data leaks, compromised passwords, etc.
- Make users aware of the importance of reporting any security incidents they have suffered or think they have suffered, or any strange behaviour they detect.
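An added illustration of the log-correlation point in the list above (example code, not part of the original article): it flags a successful login that follows several failed ones from the same source address. The sshd-style log lines, the threshold and the time window are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log (sshd-style lines, documentation IP ranges); not real data.
SAMPLE_LOG = """\
2024-05-06T09:00:01 srv1 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
2024-05-06T09:00:04 srv1 sshd[811]: Failed password for alice from 203.0.113.7 port 50124 ssh2
2024-05-06T09:00:09 srv1 sshd[811]: Failed password for alice from 203.0.113.7 port 50126 ssh2
2024-05-06T09:00:30 srv1 sshd[902]: Failed password for bob from 198.51.100.20 port 40110 ssh2
2024-05-06T09:00:41 srv1 sshd[902]: Accepted password for bob from 198.51.100.20 port 40112 ssh2
2024-05-06T09:01:15 srv1 sshd[811]: Accepted password for alice from 203.0.113.7 port 50130 ssh2
2024-05-06T09:02:00 srv1 cron[77]: (root) CMD (run-parts /etc/cron.hourly)
"""

LINE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def correlate(log_text, threshold=3, window_s=300):
    """Alert when a login succeeds after >= threshold failures from the
    same source IP inside the last window_s seconds (assumed values)."""
    failures = defaultdict(deque)  # source IP -> timestamps of recent failures
    alerts = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an sshd password event: ignore it
        ts = datetime.fromisoformat(m["ts"])
        recent = failures[m["ip"]]
        # Drop failures that have aged out of the correlation window.
        while recent and (ts - recent[0]).total_seconds() > window_s:
            recent.popleft()
        if m["result"] == "Failed":
            recent.append(ts)
            continue
        if len(recent) >= threshold:
            alerts.append({"ip": m["ip"], "user": m["user"],
                           "failures": len(recent), "time": m["ts"]})
        recent.clear()  # a success starts a fresh count for this source
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE_LOG):
        print("possible unauthorised access:", alert)
```

A single mistyped password followed by a successful login, as in the constructed lines for bob, stays below the threshold and raises no alert.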
The weakest link when it comes to security incidents is always the organisation's own staff, who, either accidentally or intentionally, may cause such an incident or be necessary participants in it.