What is considered an incident and why it should be reported

 

  • An incident can involve malware (virus, trojan etc) or suspected cases of such. It is not always easy to judge whether it is an incident or not, but either the local IT department or UiO CERT can be of assistance in this judging.
  • Security incidents may be indicated by seemingly small incidents like if your username has been used at a time or from a place you do not recognize.
  • Securiy incidents may be breach of data integrity, data gone astray, confidential data out in the web or sent places or in manners that are not considered safe enough.
  • Loosing your laptop or a memory stick can be considered an incident all depending on the nature of the data om the laptop
  • It law enforcement contects you, that's a security incident

Security incidents should be reported because

  • We want to contain the damage
  • We want to protect the users and the data
  • Stale data makes investigation difficult
  • We want to know whether unwanted persons are using our resources
  • We do not want to hinder a possible police investigation

 

Published Sep. 12, 2011 2:56 PM - Last modified Nov. 23, 2011 12:24 PM