Incident Terminology Notes

Breach (Data Breach)

  • Definition (transcript): The loss of control, compromise, unauthorized disclosure, unauthorized acquisition, or any similar occurrence where:

    • a person other than an authorized user accesses or potentially accesses personally identifiable information (PII); or

    • an authorized user accesses PII for other than an authorized purpose.

  • Key points:

    • Focus on unauthorized access to PII or inappropriate use of PII by authorized/unauthorized users.

    • Described as a type of security incident terminology used in practice by security professionals.

  • Source references:

    • NIST SP 800-53 Rev. 5

  • Related concepts:

    • Distinguishes data exposure from mere access or misuse; emphasizes confidentiality impact on PII.

Exploit

  • Definition (transcript cue): A particular attack. It is named this way because these attacks exploit system vulnerabilities.

  • Key points:

    • Exploit refers to a specific attack method or technique that takes advantage of a vulnerability in a system.

    • Serves as the mechanism by which a vulnerability is operationalized to compromise controls, systems, or data.

  • Practical implication:

    • Exploits are the bridge between vulnerability (weakness) and incident (breach/compromise).

  • Note:

    • Source not explicitly tied to a single standard in the transcript beyond the definitional sentence; broadly aligns with common security terminology.

Incident

  • Definition (transcript): A security event, or combination of events, that constitutes a deliberate security incident in which an intruder gains, or attempts to gain, access to a system or system resource without authorization.

  • Key points:

    • Emphasizes intentional or deliberate security breaches.

    • Focus on unauthorized access to a system or resource.

  • Source references:

    • IETF RFC 4949 Ver 2

  • Related concepts:

    • Distinct from a mere event; an incident is an aggregated or singular event that qualifies as a deliberate security breach.

Event

  • Definition (transcript): Any observable occurrence in a network or system.

  • Key points:

    • Event is any observable thing that happens in a network/system; not necessarily malicious.

    • Serves as a building block for determining whether an incident has occurred.

  • Source references:

    • NIST SP 800-61 Rev 2

  • Relationship to other terms:

    • Multiple events can constitute an incident when they collectively meet the criteria of a deliberate security incident.

Vulnerability

  • Definition (transcript): Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat source.

  • Key points:

    • Represents a weakness that could be leveraged by a threat.

    • Not itself an attack or incident; a latent flaw that enables attacks.

  • Source references:

    • NIST SP 800-30 Rev 1

  • Related concepts:

    • Drives risk: vulnerability + threat potential leads to risk; exploitation converts vulnerability into an incident.

Threat

  • Definition (transcript): Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/ or denial of service.

  • Key points:

    • Threat is a potential cause of a security incident, not the incident itself.

    • Encompasses a broad range of potential harms (confidentiality, integrity, availability).

  • Source references:

    • NIST SP 800-30 Rev 1

  • Relationship to other terms:

    • Threats exploit vulnerabilities; their existence drives risk assessments and defense planning.

Zero-day / Zero-day vulnerability

  • Definition (transcript): A previously unknown system vulnerability with the potential of exploitation without risk of detection or prevention because it does not, in general, fit recognized patterns, signatures, or methods.

  • Key points:

    • Unknown to defenders at discovery time.

    • Exploitable before a patch or signature exists; difficult to detect with standard defenses.

  • Context:

    • Listed with other terms as part of incident terminology.

  • Implications:

    • Increases risk due to lack of known mitigations and detection capabilities; requires adaptive monitoring and rapid patching.

Intrusion

  • Context in transcript:

    • Used within the incident definition: an intruder gains, or attempts to gain, access to a system or resource without authorization.

  • Definition (inferred from usage):

    • An act or attempt of unauthorized access into a system.

  • Relationship to other terms:

    • An intrusion can be part of an incident or incident sequence; a successful intrusion may lead to a breach or data exposure.

Quick reference to sources

  • Breach (data breach): NIST SP 800-53 Rev 5

  • Incident: IETF RFC 4949 Ver 2; NIST SP 800-61 Rev 2 context

  • Event: NIST SP 800-61 Rev 2

  • Vulnerability: NIST SP 800-30 Rev 1

  • Threat: NIST SP 800-30 Rev 1

  • Zero-day / Zero-day vulnerability: contextual definitions in standard incident terminology