We started a new course today called Incident Management. First of all, I wanted to create a post here explaining what an incident and an event are.
To start with events: an event is any observable occurrence in a system or network. It often indicates that an incident is occurring. Examples include a user connecting to a file share, network performance slowing down or a system crashing. Alerts can be triggered by an IDS or a similar tool set up as part of your system protection.
This leads to the incident itself, which is considered an adverse event in a system or network. Often it is a violation, or an imminent threat of violation, of computer security policies, acceptable use policies or standard security practices. These policies are defined in advance by the organisation's security specialists, and should continually evolve with the threat levels.