Types of incidents

A cyber incident is the violation of an explicit or implied security policy. There are several types of incidents that are commonly recognized:

| Incident type | Examples | Description |
|---|---|---|
| Malicious Code (Malware) | Malware hosting, malicious JavaScript, virus infection | An attacker publishes malicious scripts or references to malware on a web server; malware self-propagates on a network or is introduced by an unaware user (email attachment, etc.) |
| Email Compromise | Unsolicited messages, unauthorized access | An attacker uses a compromised email account or a weakness of the email system to distribute unauthorized messages and/or to reconfigure, read or modify the compromised mailbox (this category excludes regular inbound spam) |
| Inappropriate Usage | Unlicensed software, obscene material, political agitation | Authorized personnel use an ICT system or infrastructure in a way that violates the Standard on the Acceptable Usage of ICT Resources |
| Denial of Service (DoS) | SYN flood, email bombing | An attacker prevents authorized (legitimate) use of an ICT infrastructure, system or application by exhausting the associated resources (e.g. bandwidth, processing power, etc.) |
| Site Defacement | Page defacement, picture substitution | An attacker substitutes or alters content published on a web server so that it presents unauthorized textual statements, pictures, movies, sounds, etc. to legitimate visitors |
| Information Disclosure | Privacy violation, lost storage media, port scanning, social engineering | An attacker obtains (or had an opportunity to access) sensitive or personally identifiable information (PII), or information that facilitates further exploitation (e.g. passwords, port scan results, etc.); this includes lost or stolen equipment holding sensitive information |
| Intrusion | Server compromise, botnet operation | An attacker penetrates the organization's security perimeter (controls) and obtains full control over an ICT system or infrastructure |

We encourage you to report any activities that you feel meet the criteria for any incident type.