In information security, a distinction is made between events and incidents. According to the definition in ISO/IEC 27000, an information security incident is a "single unintended or unexpected information security event or series of such events that have a significant likelihood of jeopardising business activities and threatening information security". An information security event exists as soon as a breach of information security policies is possible; it becomes an information security incident only when such a breach actually occurs.
Examples of information security incidents:

- The accidental sending of information to the wrong recipients
- A clicked link in a spam e-mail
- An aborted backup run
- Infection with malware
- Discovery that an outdated software version is in use
- An increased volume of spam e-mails asking the recipient to click on links
- Suspected infection with malware
Every employee, supplier, business partner and other third party who uses systems and/or information within the scope of the ISMS must report any identified vulnerability, incident or event that could lead to a security incident. The prerequisite for this is that employees and partners are made aware of this reporting obligation within the company.