From the course: CompTIA CySA+ (CS0-002) Cert Prep: 6 Incident Response

Identifying and classifying security incidents

- [Instructor] Before we can talk about cybersecurity incident response, we need to have a common understanding of what constitutes a security incident. Let's talk about some common vocabulary used by cybersecurity incident handlers. We'll talk about events, adverse events, and incidents. A security event is any occurrence in a system, network, or application that may have security implications. There's no requirement that a security event be malicious or dangerous. If a user attempts to log into a system, that's a security event, even if the login was successful and authentic. If a firewall accepts or denies a connection request, that's a security event. If a user accesses a webpage or a file on a server, you guessed it, that's a security event. Every organization experiences thousands or even millions of security events each day. Adverse security events are a subset of security events that have some negative consequence.…
