The IT Law Wiki


Automated transportation system[]

An incident is

[a]n occurrence involving one or more vehicles in which a hazard or a potential hazard is involved but not classified as a crash due to the degree of injury and/or extent of damage. An incident could affect the safety of operations. This definition covers a broad range of events.[1]

Computer security[]

An incident is "a security breach of a computerized system and information."[2]

An incident (also called cyber incident) is:

an umbrella term encompassing a range of malicious activity carried out by diverse actors with varying motivations and capabilities — all of whom exploit cyberspace.[3]
[a]n event occurring on or conducted through a computer network that actually or imminently jeopardizes the integrity, confidentiality, or availability of computers, information or communications systems or networks, physical or virtual infrastructure controlled by computers or information systems, or information resident thereon. For purposes of this directive, a cyber incident may include a vulnerability in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat source.[4]
[a]n occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.[5]
[a]n occurrence that actually or potentially results in adverse consequences to (adverse effects on) (poses a threat to) an information system or the information that the system processes, stores, or transmits and that may require a response action to mitigate the consequences.[6]
[a] violation or imminent threat of violation of computer security policies, acceptable use policies, or standard computer security practices.[7]
[a]n occurrence that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.[8]
actions taken through the use of computer networks that result in a compromise or an actual or potentially adverse effect on an information system and/or the information residing therein.[9]


In information operations, an incident is an:

assessed event of attempted entry, unauthorized entry, or an information attack on an automated information system. It includes unauthorized probing and browsing; disruption or denial of service; altered or destroyed input, processing, storage, or output of information; or changes to information system hardware, firmware, or software characteristics with or without the users' knowledge, instruction, or intent.[10]


Incidents can include major disasters, emergencies, terrorist attacks, terrorist threats, wild and urban fires, floods, hazardous materials spills, nuclear accidents, aircraft accidents, earthquakes, hurricanes, tornadoes, tropical storms, war-related disasters, public health and medical emergencies, and other occurrences requiring an emergency response.[11]

To date, the vast majority — nearly all mdash; of actual cyber incidents have been exploitations, and sensitive digitally stored information such as Social Security numbers, medical records, blueprints and other intellectual property, classified information, contract and bid information, and software source code have all been obtained by unauthorized parties.[12]


The symptoms of an incident could include any of the following:


See also[]