Risk mitigation

While some risks cannot be avoided, they can be minimized by putting controls in place that mitigate the risk once an incident occurs.


Similar items:
Events are anything that can occur in the IT environment, while incidents are unscheduled events. This is the textbook definition of an incident versus event. However, this question is not easy, because many sources in the IT security field define incidents differently: It’s common to think of incidents as events that have an adverse impact, or incidents are something that require response.

(IS) Assessed occurrence having actual or potentially adverse effects on an information system. (COMSEC) Occurrence that potentially jeopardizes the security of COMSEC material or the secure electrical transmission of national security information. An unusual occurrence or breach in the security of a computer system. An event that has actual or potentially adverse effects on an information system. A computer security incident can result from a computer virus, other malicious code, intruder, terrorist, unauthorized insider act, malfunction, etc. The occurrence of a system intrusion.

A violation, or imminent threat of a violation, of a security policy or practice within the organization. Computer security incidents are the result of an attack, malware infection, or inappropriate usage by employees. See incident.

Any act or circumstance that involves classified information that deviates from the requirements of governing security publications. For example, compromise, possible compromise, inadvertent disclosure, and deviation. See computer security incident.

The process by which a risk is reduced or removed.

