2. Security Incidents
• a violation, breach of security policy or procedure
• unauthorized access
• any other event that harms, or may harm, security
3. Not all security incidents are significant enough to require investigation.
• Assess the harm from any security incident.
• Determine the impact of actual, potential, or suspected loss, compromise or disclosure.
• Identify whether the incident is minor (an infringement or breach) or major.
4. Significant security incidents
• Crimes like theft or robbery
• Destruction of property, e.g. vandalism
• Fraud
• Natural events like fire which may compromise security
• Incorrect handling of classified information
• Cyber security incidents
5. Significant security incidents
• Personal attacks
  • assault
  • use of weapons including firearms
  • threats of harm to self or others
• Hostage taking and hijacking
• Kidnapping
• Arson or suspected arson
• Bombing
• Sabotage
Major – a violation, which must be reported
Minor – a breach or infringement
Choosing which incidents to investigate
The initial question is which incidents need to be investigated, and in what way. Often the severity of an incident’s consequences is the main criterion used to decide whether an investigation is initiated. However, focusing only on severity is incomplete: an incident with trivial actual consequences can still reveal a serious weakness. An alternative approach is to look at the severity of an incident and also apply additional criteria. Some possible reasons for choosing to investigate an incident are:
• High actual severity of the incident’s consequences, such as loss of life, loss of containment or extensive (property) damage;
• A legal or procedural requirement to do so;
• The occurrence of similar incidents earlier in time, within the same organisation or sector;
• Incidents with limited actual consequences but with a high potential for serious consequences;
• Near misses, where an incident is only just avoided.
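The triage rules above, and the major/minor classification on the earlier slide, can be expressed as a small decision routine so that the difference between a severity-only rule and a multi-criteria rule becomes visible on concrete cases. The following Python is an added example and is not part of the original slides; the 0–4 severity scale, the threshold of 3, the `Incident` fields and the sample incidents are all assumptions constructed for illustration. Recurrence ("similar incidents earlier in time") is detected by counting earlier incidents of the same category in the order they were recorded.

```python
from collections import Counter
from dataclasses import dataclass

# Assumed severity scale (not from the slides):
# 0 = none, 1 = minor, 2 = moderate, 3 = serious, 4 = severe
SEVERITY_THRESHOLD = 3


@dataclass
class Incident:
    ident: str                     # constructed identifier
    kind: str                      # "violation", "breach" or "infringement"
    category: str                  # e.g. "theft", "phishing", "data spill"
    actual_severity: int           # consequences that actually occurred
    potential_severity: int        # consequences that could have occurred
    near_miss: bool = False        # harm was only just avoided
    legal_requirement: bool = False  # legal/procedural obligation to investigate


def classify(inc: Incident) -> str:
    """Major = a violation (must be reported); minor = a breach or infringement."""
    return "major" if inc.kind == "violation" else "minor"


def severity_only(inc: Incident) -> bool:
    """The incomplete rule: investigate only on high actual severity."""
    return inc.actual_severity >= SEVERITY_THRESHOLD


def investigation_reasons(inc: Incident, history: Counter) -> list[str]:
    """Apply the five criteria from the slide; each that fires adds a reason."""
    reasons = []
    if inc.actual_severity >= SEVERITY_THRESHOLD:
        reasons.append("high actual severity")
    if inc.legal_requirement:
        reasons.append("legal or procedural requirement")
    if history[inc.category] > 0:
        reasons.append(f"similar incidents earlier ({history[inc.category]} prior)")
    if (inc.actual_severity < SEVERITY_THRESHOLD
            and inc.potential_severity >= SEVERITY_THRESHOLD):
        reasons.append("limited actual but high potential consequences")
    if inc.near_miss:
        reasons.append("near miss")
    return reasons


def triage(incidents: list[Incident]) -> dict[str, dict]:
    """Classify each incident and decide whether it warrants investigation."""
    history: Counter = Counter()   # categories already seen, in recorded order
    results = {}
    for inc in incidents:
        reasons = investigation_reasons(inc, history)
        results[inc.ident] = {
            "class": classify(inc),
            "must_report": classify(inc) == "major",
            "severity_only": severity_only(inc),
            "investigate": bool(reasons),
            "reasons": reasons,
        }
        history[inc.category] += 1
    return results


# Constructed sample incidents, in the order they were recorded.
SAMPLE_INCIDENTS = [
    Incident("INC-1", "infringement", "phishing", 0, 3),
    Incident("INC-2", "violation", "theft", 3, 3),
    Incident("INC-3", "breach", "data spill", 1, 2, legal_requirement=True),
    Incident("INC-4", "violation", "theft", 2, 2),
    Incident("INC-5", "infringement", "lost document", 0, 1, near_miss=True),
    Incident("INC-6", "breach", "vandalism", 1, 1),
]

if __name__ == "__main__":
    for ident, r in triage(SAMPLE_INCIDENTS).items():
        print(ident, r["class"], "severity-only:", r["severity_only"],
              "investigate:", r["investigate"], r["reasons"])
```

On the sample set the severity-only rule selects one incident (INC-2), while the multi-criteria rule selects five; only the isolated low-impact vandalism case is left uninvestigated. The repeated theft (INC-4) is picked up purely because a similar incident preceded it, which is exactly the kind of signal a severity threshold discards.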
Report any suspected cyber security incidents, including:
• suspicious or apparently targeted emails with attachments or links
• any compromise or corruption of information
• hacking
• viruses
• disruption or damage to services or equipment
• data spills.
In safety, "incident" is then regarded as a synonym for a near-miss event.
There are many different definitions of what constitutes an incident or accident. In general the focus is on unintended and unforeseen events which have unintended consequences. In this article we use the terms incident and incident investigation interchangeably with accident and accident investigation. In addition we focus on the field of occupational health and safety, although we realise that the same investigation techniques may be relevant to the investigation of other types of incidents as well.
In security, there is no such thing as a security accident.