For the purposes of this toolkit, we will define “incident” as any event that has a negative impact on the security of network and information systems. This can range from complex and sophisticated technical attacks to system malfunctioning caused by human error.
However, when it comes to ICT systems of special importance , such as those which are part of a country’s critical infrastructure (power supply, telecommunications, etc.) or used for banking services, they have an obligation to report incidents in their systems to competent state bodies and authorities. For example, if the incident occured in the banking sector, the operator of the ICT system needs to notify the country’s central bank.
When there are more serious incidents and attacks, which can strongly affect national defence or national security, relevant intelligence and security services and agencies (military or civilian) should be notified as well. In addition, when an incident involves and affects personal data, the national data protection authority (Commissioner, Agency, Commission, etc.) is also to be notified.
Sometimes it is very difficult to distinguish between types of incidents, as they can occur simultaneously. Below is a list of some of the types of incidents which usually require sending an incident notice to the competent state authorities:
- Breaking into the ICT system: an attack on a computer network and server infrastructure which, by violating protection measures, enabled access to the ICT system and unauthorised influence on its operation;
- Data leakage: availability of protected data outside the circle of persons authorised to access data;
- Unauthorised modification of data;
- Data loss;
- Interruption in the functioning of the system or part of the system;
- Denial of service attacks [DDoS] ;
- Installation of malware within the ICT system;
- Unauthorised data collection through unauthorised surveillance of communications or social engineering;
- Constant attack on certain resources;
- Abuse of authority to access ICT system resources;
- Other incidents