A data security incident is a general term associated with many different types of unauthorized activity involving devices and/or sensitive data. Examples of devices include computing devices such as laptops, mobile phones, and application servers, and networking devices such as routers and firewalls. Examples of data security incidents include lost or stolen information, lost or stolen devices, devices compromised by malware or accessed without authorization, and Internet-based cyber attacks.
Internet-based cyber attacks upon enterprise networks of organizations can create significant operational problems and serious financial and legal risk for those organizations. This is due to the disruption of business and data losses that often result from these attacks. The attacks attempt to exploit security vulnerabilities of operating systems and software running on computers and servers within enterprise networks of the organizations. Attackers exploit these security vulnerabilities to steal proprietary data and confidential client records, and to disrupt business operations by introducing malicious computer programs or launching Denial of Service (DoS) attacks, in examples.
Organizations utilize incident management systems to maintain information about incidents and manage the response to data security incidents. Current incident management systems and methods typically provide the ability for Incident Response Team (IRT) members to track how the institution is responding to incidents.