Security or risk component associated with an incident

IT personnel analyzing an incident or problem
need to understand the security nature of the incident or
problem, including whether the incident or problem has
an impact on security. For instance, a malfunctioning
firewall may be permitting traffic to pass through a control
point that should not be permitted. Further, many security
incidents are first recognized as simple malfunctions or
outages and recognized later as symptoms of an attack.
For example, users complaining of slow or unresponsive
servers may be experiencing the effects of a distributed
denial-of-service (DDoS) attack on the organization’s
servers, which, incidentally, may be a diversionary tactic masking
an actual attack occurring elsewhere in the organization.
In the context of problem management, a server suffering
from availability or performance issues may have been
compromised and altered by an attacker.