A data security incident is a general term associated with many different types of unauthorized activity involving devices and/or sensitive data. The unauthorized activity typically occurs on an enterprise network. Examples of devices include computing devices such as desktops, laptops, mobile phones, other mobile computing devices, application servers, and authentication servers, as well as networking devices such as routers and firewalls. Examples of data security incidents include lost or stolen computing devices, devices compromised by malware or accessed without authorization, and Internet-based cyber attacks.
Data security incidents pose a major operational and financial risk for businesses. Data security incidents such as cyber attacks are often designed to disrupt normal business operations and to steal information. Attacks that disrupt business operations include the introduction of malware, computer viruses, and Denial of Service (DoS) attacks. Intrusion attempts use various methods to gain unauthorized access to the personal information of individuals and to company confidential information such as customer lists and business plans. To obtain unauthorized access, attackers use methods that target security vulnerabilities in computer operating systems and software within the business's enterprise network.
Businesses use incident management systems to track and recommend responses to data security incidents in their enterprise computer networks. Current incident management systems and methods typically provide the ability for Incident Response Team (IRT) personnel to track how the institution is responding to incidents.