
What constitutes a security incident?

2011/02/21

From a question posted over at CISACA-L:

b). Secondly, what constitutes a security incident? Is there a generally / generic agreed list? We all have our views on what constitutes a security incident, but I would just like to seek clarity.

I offered the following definition:

Well anything that violates the security policy is a security incident. If no policy exists, you know that an incident is a security incident when you detect one.

If you find the above definition vague or subjective, please help refine it. But read “In Praise of the handshake” first. Like complete contracts, overengineered policies are inevitably imperfect. And that is why I like the informal SLA too.


One Response to “What constitutes a security incident?”

  1. XLA Says:

    I would suggest changing “anything that violates the security policy…” to “anything that violates the security policy and it is not documented and accepted by management as an exception”.

