Monday, January 22, 2007

What makes a security incident?

Over the last couple of days, I have been having some discussions with colleagues about questions such as "What is an incident?" and "When is an incident a security incident?"

We came up with the following set of rules-of-thumb:

1. If you know or suspect that the incident was caused intentionally, it is a security incident.

2. If you know or suspect that the incident affects your countermeasures or security control systems, it is a security incident.

3. If you know or suspect that the incident constitutes a breach of compliance (e.g., a criminal act or a breach of corporate security policy, standards, guidelines or procedures), it is a security incident.

4. And finally, since the customer is always right, when a customer or other relevant party requests that the incident be handled as a security incident, it is to be treated as such.

While these guidelines can be useful in narrowing the focus from an incident to a security incident, they still have not answered the question of what an incident really is.
