Defining a security incident
A security incident is as unique as the business type and all the components that make the business function. What may be considered an incident for an online retailer may not be of any significance to a healthcare provider. However, there are commonalities across all business types for events that indicate a security incident.
At the center of every enterprise is information technology: the systems, processes, applications, and data that provide the infrastructure and capability for the enterprise to conduct its business. An online retailer and a healthcare provider would both be expected to consider unauthorized access to a system a security incident. It is also expected that, because these are two distinct business types, each will have outlier events which, if detected, would trigger an incident response. Each enterprise will need to analyze its critical infrastructure and determine what would be considered an incident beyond...