What is a Security Incident?
Recognize when something bad is happening with security.
A security incident is when someone (inside or outside) accesses, modifies, or steals data without permission.
Common Incidents
- Phishing attack: Someone receives a fake email that steals their password.
- Account compromise: Someone's account is hacked and used to send emails or access systems.
- Data breach: An attacker accesses customer data or company secrets.
- Ransomware: Malware locks up your files and demands payment.
- Insider threat: An employee steals data or sabotages systems.
- System outage: A critical system goes down (could be security-related).
The Common Pattern
1. Something unusual happens
2. You notice it (or someone reports it to you)
3. You report it to security/IT
4. Security/IT investigates
5. You respond to minimize damage
That's the pattern. Your job: step 3. Report it.
Key Point
In the first 5 minutes, reporting matters more than understanding. If something seems wrong, report it. Let the experts determine if it's real.
Knowledge check
What counts as a security incident?