Definitions[edit | edit source]
Automated transportation system[edit | edit source]
An incident is
|“||[a]n occurrence involving one or more vehicles in which a hazard or a potential hazard is involved but not classified as a crash due to the degree of injury and/or extent of damage. An incident could affect the safety of operations. This definition covers a broad range of events.||”|
Computer security[edit | edit source]
An incident (also called cyber incident) is:
|“||an umbrella term encompassing a range of malicious activity carried out by diverse actors with varying motivations and capabilities — all of whom exploit cyberspace.||”|
|“||[a]n event occurring on or conducted through a computer network that actually or imminently jeopardizes the integrity, confidentiality, or availability of computers, information or communications systems or networks, physical or virtual infrastructure controlled by computers or information systems, or information resident thereon. For purposes of this directive, a cyber incident may include a vulnerability in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat source.||”|
|“||[a]n occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.||”|
|“||[a]n occurrence that actually or potentially results in adverse consequences to (adverse effects on) (poses a threat to) an information system or the information that the system processes, stores, or transmits and that may require a response action to mitigate the consequences.||”|
|“||[a] violation or imminent threat of violation of computer security policies, acceptable use policies, or standard computer security practices.||”|
|“||[a]n occurrence that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.||”|
|“||actions taken through the use of computer networks that result in a compromise or an actual or potentially adverse effect on an information system and/or the information residing therein.||”|
Military[edit | edit source]
In information operations, an incident is an:
|“||assessed event of attempted entry, unauthorized entry, or an information attack on an automated information system. It includes unauthorized probing and browsing; disruption or denial of service; altered or destroyed input, processing, storage, or output of information; or changes to information system hardware, firmware, or software characteristics with or without the users' knowledge, instruction, or intent.||”|
Overview[edit | edit source]
Incidents can include major disasters, emergencies, terrorist attacks, terrorist threats, wild and urban fires, floods, hazardous materials spills, nuclear accidents, aircraft accidents, earthquakes, hurricanes, tornadoes, tropical storms, war-related disasters, public health and medical emergencies, and other occurrences requiring an emergency response.
|“||To date, the vast majority — nearly all mdash; of actual cyber incidents have been exploitations, and sensitive digitally stored information such as Social Security numbers, medical records, blueprints and other intellectual property, classified information, contract and bid information, and software source code have all been obtained by unauthorized parties.||”|
Symptoms[edit | edit source]
The symptoms of an incident could include any of the following:
- Unusually heavy network traffic
- Out of disk space or significantly reduced free disk space
- Unusually high CPU usage
- Creation of new user accounts
- Attempted or actual use of administrator-level accounts
- Locked-out accounts
- Account in-use when the user is not at work
- Cleared log files
- Full log files with unusually large number of events
- Antivirus or IDS alerts
- Disabled antivirus software and other security controls
- Unexpected patch changes
- Machines connecting to outside IP addresses
- Requests for information about the system (social engineering attempts)
- Unexpected changes in configuration settings
- Unexpected system shutdown.
References[edit | edit source]
- Federal Automated Vehicles Policy: Accelerating the Next Revolution In Roadway Safety, at 84.
- Critical Infrastructure Protection: Actions Needed to Address Significant Cybersecurity Risks Facing the Electric Grid, at 3 n.9.
- Justice Department's Role in Cyber Incident Response, at 1.
- Presidential Policy Directive 41 (PPD-41): United States Cyber Incident Coordination.
- NIST, FIPS 200; 44 U.S.C. §2552(b)(2).
- NICCS, Explore Terms: A Glossary of Common Cybersecurity Terminology (full-text).
- NIST Special Publication 800-61 (rev. 1), Glossary, at D-2; NIST Special Publication 800-150, at 59.
- Improving Cybersecurity Protections in Federal Acquisitions.
- U.S. Department of Defense, Joint Pub. 1–02: DOD Dictionary of Military and Associated Terms (Apr. 2010) (full-text).
- Department of Homeland Security, National Infrastructure Protection Plan 110 (2009) (full-text).
- At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues, at 14.
See also[edit | edit source]
- Computer security incident
- Cyber security incident
- Incident detection
- Incident handler
- Incident handling
- Incident management
- Incident Manager
- Incident of National Significance
- Incident report
- Incident response
- Incident response handling
- Incident response plan
- Incident response team
- Security incident
- Significant cyber incident