Difference between revisions of "Cyber Incident"

From Open Risk Manual
 
 
Line 2: Line 2:
 
'''Cyber Incident'''. A [[Cyber Event]] that:  
 
'''Cyber Incident'''. A [[Cyber Event]] that:  
 
* jeopardizes the cyber security of an information system or the information the system processes, stores or transmits or
 
* jeopardizes the cyber security of an information system or the information the system processes, stores or transmits or
* violates the security policies, security procedures or acceptable use  policies, whether resulting from malicious activity or not.
+
* violates the security policies, security procedures or acceptable use  policies, whether resulting from malicious activity or not.
 
 
== VERIS A4 Threat Model ==
 
A cyber incident is viewed as a series of [[Cyber Event | events]] that adversely affects the information assets of an organization. The [http://veriscommunity.net/incident-desc.html VERIS] classification employs the A4 threat model<ref>VERIS Incident Description</ref>: Every cyber incident is comprised of the following elements (the 4 A’s)
 
 
 
* [[Threat Actor | Actors]]: Whose actions affected the asset?
 
* [[Threat Action]]: What actions affected the asset?
 
* [[Compromised Asset | Assets]]: Which assets were affected?
 
* Attributes: How the asset was affected?
 
  
 
== References ==
 
== References ==
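Review bot: the bullet marked `+` ("* violates the security policies, ...") still has the double space in "acceptable use  policies" that the copy above it has, so the visible text on both sides of this change is identical and the spacing is not fixed; collapse it to a single space. In the VERIS A4 Threat Model section, `<ref>VERIS Incident Description</ref>` is bare text even though the same sentence links http://veriscommunity.net/incident-desc.html inline, so the footnote should carry that URL. The last bullet, "Attributes: How the asset was affected?", breaks the question form of the other three and is the only one without a wiki link; "How was the asset affected?" would match.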

Latest revision as of 09:37, 14 October 2021

Definition

Cyber Incident. A Cyber Event that:

  • jeopardizes the cyber security of an information system or the information the system processes, stores or transmits or
  • violates the security policies, security procedures or acceptable use policies, whether resulting from malicious activity or not.

References

  • Adapted from NIST (definition of “Incident”)