Security Event vs Security Incident
A security event is anything that happens that could potentially have information security implications. A spam email is a security event because it may contain links to malware. Organizations may be hit with thousands or perhaps millions of identifiable security events each day. These are typically handled by automated tools or simply logged.

A security incident is a security event that results in damage such as lost data. Incidents can also include events that don't involve damage but are viable risks. For example, an employee clicking on a link in a spam email that made it through filters may be viewed as an incident.

Security events are mostly things that never gain human attention. If you've noticed something suspicious, it is typically advised to report it as an incident.

| | Security Event | Security Incident |
|---|---|---|
| Definition | An identifiable occurrence that could theoretically be relevant to information security. | An event that is a viable risk or that causes damage such as lost data or operational disruptions. |
| Also Known As | Event, Information Security Event | Incident, Information Security Incident |