The NIST definition of a security incident
As a foundation for this chapter, let's once again define what we mean by various terms that we'll be using to describe the incident lifecycle.
NIST describes a Security Incident as an event with a negative consequence, such as a system crash, a packet flood, the unauthorized use of system privileges, unauthorized access to sensitive data, or the execution of destructive malware. Malicious insiders, availability issues, and the loss of intellectual property all come under this scope as well. Incident Response is defined as the sum of the technical activities performed to analyze, detect, defend against, and respond to an incident. Incident Handling is defined as the sum of the processes and predefined procedural actions used to effectively and actionably handle/manage an incident. An Event is described as an observable occurrence in a system or network, while, somewhat obviously, an Adverse Event is described as an event resulting...