Understanding the incident
According to NIST, a computer incident is a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security policies.
Let's take a few examples of incidents that have occurred:
- A developer clones the latest source code from a Git repository and shares it publicly online
- An employee is tricked into opening a file in a malicious email that claims to be about a performance appraisal and carries an Excel sheet with a malicious executable attached to it
- An attacker sends a lot of GET requests to an application-specific API that is known to slow down the servers, with the intention of creating a DoS-based attack
Handling the incidents
Many breaches in organizations go unreported, either because they went undetected or because the organization wants to spare itself the embarrassment of a damaged reputation in front of the public.
An incident can be caused by human error...