In-depth

How to define a security incident

Do we need to do a better job of understanding exactly what a security incident actually is? Davey Winder takes a look...

Asking 'what is a security incident?' may seem like something of a silly question, however when Lancope recently conducted a survey of IT and security professionals the results pointed towards the answer being far from straightforward.

Indeed, with some 65 per cent of those asked apparently being in security incident denial, there is an argument to suggest that there is a systemic problem in understanding security within the enterprise.

I started by asking Kurt Hagerman, FireHost's director of information security, the question and he admitted that it's a lot harder to answer than it seems. "It's a funny thing really. Everyone thinks that they know what a security incident is, but in truth there are a number of different definitions and they don't all sit well together," he says.

You cannot have a partial incident; you are either pregnant or not pregnant!

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Although the most basic of definitions would appear to classify an incident as 'an intrusion or attempted intrusion' Hagerman argues that the enterprise needs to define the term within the context of their operations.

Lisa Myers, virus hunter at Intego, agrees that organisations will define the term depending on the importance of security to their specific industry. "Organisations that are under more frequent attack will likely define it differently than those that are attacked more seldom," Myers points out. She adds: "Those with more sensitive or potentially life-threatening data will define it differently from those with limited data." This is true, but perhaps not very helpful in getting us closer to that elusive definition.

Most of the security industry professionals that I spoke to agreed on one important thing: the need for any definition to be 'high level.'

"[By] being too specific you run the risk of missing certain incidents," warns Alan Carter, head of consulting at SecureData. "For example, defining SQL attacks as a security incident could result in a new type of attack not being defined in future."

So can we come up with a high-level, broad church, definition? Andrew Wild, CSO at Qualys believes he can. "At a very high level, an information security incident should be considered an event that impacts the confidentiality, integrity, or availability of an information resource or asset," he says.

The organisation's information security management team, in coordination with its executive management and the incident response team, should then determine responsibilities for managing specific types of likely events, according to Wild.  

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Most Popular

Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/hardware/laptops/354533/dell-xps-13-new-9300-hands-on-review-chasing-perfection
Laptops

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020