Classifying Intrusion Events into Categories
This chapter covers the following topics:
Now that we have covered how to analyze data and events, let’s look at how to handle categorizing an incident that is identified during the monitoring process. A security incident is any event that threatens the security, confidentiality, integrity, or availability of something of value, such as assets, technical systems, networks, and so on. Things that can be identified as threats and would trigger an incident are violations of security policies, user policies, or general security practices. Examples would be gaining unauthorized access to a system, denying services, ...