An incident is security-relevant if one or more of the following questions is answered with "yes":

  • Is personal data / employee data affected by the incident?
  • Is there theft or loss of information or technology (includes portable and stationary media)?
  • Is there an unauthorized disclosure of information?
  • Was there unauthorized access to information from internal and external sources?
  • Is a facility infected with malicious software that triggers unintended actions?
  • Can an intrusion specifically affecting internal infrastructure occur?
  • Is there unknown activity affecting network performance, seen as increased bandwidth usage and degraded response times?
  • Has an employee abused their access privileges to gain access to a restricted area?
  • Have there been unauthorized changes to the organization’s file system, including media, through insertion, modification, or deletion?
  • Is there intentional damage to or destruction of hardware, equipment, or infrastructure?
  • Does a system exhibit suspicious behavior or a defect?
  • Are there potentially dangerous activities or conditions that could lead to a security incident?