A cyber incident is the violation of an explicit or implied security policy. There are several types of incidents that are commonly recognized:
| Incident type | Examples | Description |
|---|---|---|
| Email Compromise | Unsolicited messages, Unauthorized access | An attacker uses a compromised email account or a weakness of the email system to distribute unauthorized messages and/or reconfigure, read or modify the compromised mailbox (this category excludes regular inbound SPAM). |
| Inappropriate Usage | Unlicensed software, Obscene material, Political agitation | An authorized user uses an ICT system or infrastructure in a way that violates the Standard on the Acceptable Usage of ICT Resources. |
| Denial of Service (DoS) | SYN flood, Email bombing | An attacker prevents authorized (legitimate) use of an ICT infrastructure, system or application by exhausting associated resources (e.g. bandwidth, processing power, etc.). |
| Site Defacement | Page defacement, Picture substitution | An attacker substitutes or alters content published on a web server so that it presents unauthorized textual statements, pictures, movies, sounds, etc. to legitimate visitors. |
| Information Disclosure | Privacy violation, Lost storage media, Port scanning, Social engineering | An attacker obtains (or had an opportunity to access) sensitive information, personally identifiable information (PII) or information that facilitates further exploitation (e.g. passwords, port scans, etc.); this includes lost or stolen equipment holding sensitive information. |
| Intrusion | Server compromise, Botnet operation | An attacker penetrates the organization’s security perimeter (controls) and obtains full control over an ICT system or infrastructure. |
We encourage you to report any activities that you feel meet the criteria for any incident type.