“An event is any observable occurrence in a system or network. Events include a user connecting to a file share, a server receiving a request for a web page, a user sending email, and a firewall blocking a connection attempt. Adverse events are events with a negative consequence, such as system crashes, packet floods, unauthorized use of system privileges, unauthorized access to sensitive data, and execution of malware that destroys data.
A computer security incident is a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices. Examples of incidents are:
- An attacker commands a botnet to send high volumes of connection requests to a web server, causing it to crash.
- Users are tricked into opening a “quarterly report” sent via email that is actually malware; running the tool has infected their computers and established connections with an external host.
- An attacker obtains sensitive data and threatens that the details will be released publicly if the organization does not pay a designated sum of money.
- A user provides or exposes sensitive information to others through peer-to-peer file sharing services.”
Breach – The loss of control, compromise, unauthorized disclosure, unauthorized acquisition or any similar occurrence where: a person other than an authorized user accesses or potentially accesses personally identifiable information; or an authorized user accesses personally identifiable information for other than an authorized purpose. Source: NIST SP 800-53 Rev. 5
Event – Any observable occurrence in a network or system. Source (PDF): NIST SP 800-61 Rev 2
