18.2. Incident Handling
When an incident occurs, you must handle it in a manner that is outlined in your security policy and consistent with local laws and regulations. The first step in handling an incident properly is recognizing when one occurs. You should understand the following two terms related to incident handling:
Any occurrence that takes place during a certain period of time
An event that has a negative outcome affecting the confidentiality, integrity, or availability of an organization's data
The most common reason incidents are not reported is that they are never identified. You could have many security policy violations occurring each day, but if you don't have a way of identifying them, you will never know. Therefore, ...