Responding to Incidents
In the best of worlds, all of your risk management practices will prevent any incidents. However, avoiding all incidents is highly unlikely, so organizations also come up with a plan for how to respond to incidents when they occur.
In the context of IT security, a security incident is any violation of policies or security practices that has the potential to result in an adverse event. NIST SP 800-61, Computer Security Incident Handling Guide, provides several definitions that are helpful in identifying incidents:
• An event is any observable occurrence in a system or network.
• Adverse events are events with a negative consequence, such as system crashes, network packet floods, unauthorized use of system privileges, unauthorized ...