Incident Categories Definitions
|Incident Categories||Incident Definition||Incident Types|
|Abusive Content||Refers to any illegal attempt that results in loss of productivity or criminal activity.||SPAM|
|Malicious Code||Refers to a program that is covertly inserted into another program with the intent to destroy data, run destructive or intrusive programs, or otherwise compromise the security or the confidentiality, integrity, and availability of the victim’s data, applications, or operating system. Examples include a virus, worm, Trojan horse, or other code-based malicious entity that successfully infects a host.||Virus|
|Information gathering||Refers to any attack that intercepts and accesses information during transmission for use in a subsequent attack.||Scanning|
|Intrusion attempts||Refers to any attempt to compromise a system or to disrupt any service by exploiting vulnerabilities with a standardized identifier such as a CVE name (e.g., buffer overflow, backdoors, cross-site scripting, etc.).||Exploiting known Vulnerability; New Attack Signature|
|Intrusions||Refers to any unauthorized attempt to use a computer account by someone other than the account owner.||Account Compromise|
|Availability||Refers to any attack that makes a resource unavailable by initiating large numbers of incomplete connection requests. This type of attack overwhelms capacity, typically preventing new connections from being made.||DoS (Denial of Service) Attacks|
|Information Security||Refers to any unauthorized access incident, which occurs when a person gains access to resources that the person was not intended to have. Unauthorized access is typically gained through the exploitation of operating system or application vulnerabilities, the acquisition of usernames and passwords, or social engineering.||Unauthorized Access|
|Fraud||Refers to any attempt to use resources for unauthorized purposes, including profit-making ventures (e.g., the use of e-mail to participate in illegal chain letters for profit or pyramid schemes). It also covers selling or installing copies of unlicensed commercial software or other copyright-protected materials (Warez), and any type of attack in which one entity illegitimately assumes the identity of another in order to benefit from it.||Unauthorized use of resource|
|Others||Refers to non-malware threats that are often associated with malware, such as phishing and virus hoaxes. Both phishing and virus hoaxes rely entirely on social engineering, which is a general term for attackers trying to trick people into revealing sensitive information or performing certain actions.
Phishing refers to the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.