Definitions[]
An event is
- "[a]ny observable occurrence in a network or system."[1]
- "[a]n occurrence, not yet assessed, that may affect the performance of an IS."[2]
- "[a]noccurrence that is not readily discernible as an incident.[3]
Overview[]
Events include a user connecting to a file share, a server receiving a request for a web page, a user sending email, and a firewall blocking a connection attempt.[4] They "[s]ometimes provides an indication that an incident is occurring or at least raise the suspicion that an incident may be occurring."[5]
References[]
- ↑ NIST Special Publication 800-61 (rev. 1), Glossary, at D-1; NIST Special Publication 800-150, at 59.
- ↑ Practices for Securing Critical Information Assets, Glossary, at 54.
- ↑ Federal Automated Vehicles Policy: Accelerating the Next Revolution In Roadway Safety, at 84.
- ↑ NIST Special Publication 800-61 (rev. 2), at 2.
- ↑ NICCS, Explore Terms: A Glossary of Common Cybersecurity Terminology (full-text).