What constitutes a security incident?

From a question posted over at CISACA-L:

b) Secondly, what constitutes a security incident? Is there a generally / generic agreed list? We all have our views on what constitutes a security incident, but I would just like to seek clarity.

I offered the following definition:

Well anything that violates the security policy is a security incident. If no policy exists, you know that an incident is a security incident when you detect one.

If you find the above definition vague, or subjective please help refine it. But read “In Praise of the handshake” first. Like complete contracts, overengineered policies are inevitably imperfect. And that is why I like the informal SLA too.

One thought on “What constitutes a security incident?”

  1. I would suggest changing “anything that violates the security policy…” to “anything that violates the security policy and is not documented and accepted by management as an exception”.
