What is a security incident?

A security incident is an event that may indicate that an organization’s systems or data have been compromised or that measures put in place to protect them have failed.

In IT, an event is anything that has significance for system hardware or software, and an incident is an event that disrupts normal operations. Security events are usually distinguished If a single user is denied access to a requested service, for example, that can be considered a security event because it may indicate a compromised system, but the access failure could also have many other causes. The common theme for most security events, no matter what caused them, is that they do not typically have a severe impact on the organization. However, if large numbers of users are denied access, it likely indicates a more serious problem, such as a distributed denial-of-service (DDoS) attack, so that event may be classified as a security incident because of its disruptive impact on operations.
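The event-versus-incident distinction above can be expressed as a triage rule over access logs. The following is an added example, not part of the original article: the log format, the 60-second window and the three-user threshold are assumptions chosen for illustration, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values (not from the article); tune them to the environment.
WINDOW = timedelta(seconds=60)
INCIDENT_USERS = 3  # distinct users denied on one service within WINDOW

# Constructed sample log lines: timestamp, user, service, result.
SAMPLE_LOG = """\
2024-05-01T10:00:03 user=alice service=wiki result=denied
2024-05-01T10:00:10 user=bob service=vpn result=denied
2024-05-01T10:00:12 user=carol service=vpn result=denied
2024-05-01T10:00:15 user=grace service=vpn result=ok
2024-05-01T10:00:20 user=dave service=vpn result=denied
2024-05-01T10:01:00 user=heidi service=mail result=denied
2024-05-01T10:01:05 user=heidi service=mail result=denied
2024-05-01T10:01:09 user=heidi service=mail result=denied
""".splitlines()

def parse(line):
    """Split one log line into a dict with a parsed 'ts' timestamp."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec

def classify(lines, window=WINDOW, incident_users=INCIDENT_USERS):
    """Return {service: 'event' | 'incident'} for services with denials."""
    recent = defaultdict(deque)  # service -> (ts, user) pairs inside window
    verdict = {}
    for rec in sorted(map(parse, lines), key=lambda r: r["ts"]):
        if rec["result"] != "denied":
            continue
        q = recent[rec["service"]]
        q.append((rec["ts"], rec["user"]))
        while q and rec["ts"] - q[0][0] > window:
            q.popleft()  # drop denials that fell out of the window
        # Count distinct users, so one user retrying does not escalate.
        if len({user for _, user in q}) >= incident_users:
            verdict[rec["service"]] = "incident"  # broad impact: escalate
        else:
            verdict.setdefault(rec["service"], "event")  # isolated failure
    return verdict

if __name__ == "__main__":
    for service, level in classify(SAMPLE_LOG).items():
        print(f"{service}: security {level}")
```

The mail service stays a security event even with three denials, because all three belong to one user; only the vpn service, where three different users are denied within the window, is escalated to an incident.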


