medium
Single Answer
Mikaela is a security professional for a midsize business and typically handles log analysis and security monitoring tasks for her organization. One of her roles is to monitor alerts originating from the organization's intrusion detection system. The system typically generates several dozen alerts each day, and many of those alerts turn out to be false alarms after her investigation. This morning, the intrusion detection system alerted because the network began to receive an unusually high volume of inbound traffic. Mikaela received this alert and began looking into the origin of the traffic. Now that Mikaela understands that an attack has taken place that violates her organization's security policy, what term best describes what has occurred in Mikaela's organization?
Answer Options
A. Security occurrence
B. Security incident
C. Security event
D. Security intrusion
Correct Answer: B
Explanation
Now that Mikaela suspects an attack against her organization, she has sufficient evidence to declare a security incident. The attack underway seems to have undermined the availability of her network, meeting one of the criteria for a security incident. This is an escalation beyond a security event but does not reach the level of an intrusion because there is no evidence that the attacker has even attempted to gain access to systems on Mikaela's network. Security occurrence is not a term commonly used in incident handling.