Examples of security incidents
If you experience one of the situations described in these examples, please notify us as soon as possible. Security incidents can take many different forms and it is impossible to list all possible incidents.
Loss or theft of devices (e.g. laptops), data carriers (e.g. USB sticks) and documents or (unintended) disclosure of confidential information
Detection of malware on your device, irregular behavior of your device or your device does not function anymore
Blackmail or coercion to disclose confidential information or disobey rules, requests for information by third parties (personally, at the phone or via e-mail) or suspicious persons in protected areas
Detecting devices and items which are suddenly and without prior notice in your office (another computer, USB sticks, cables, boxes...)
Successful attack by fraudulent e-mail: Links were clicked, files were opened and information has been disclosed
For each example the protection of the IT security goals fail and at least one of the protection goals is infringed:
- Personal data, research data or university / company data are affected (Confidentiality)
- Data/
information have been unlawfully manipulated (Integrity) - Systems/
applications/infrastructure have been unlawfully deleted, destroyed or limited (Availability)
The three protection goals of information security
Confidentiality, availability and integrity are the basic protection goals of information security. These goals have to be protected in order to prevent security incidents. If the protection of these goals fails and at least one of the protection goals is infringed, this is usually considered a security incident.
We use the definitions of the protection goals by the Federal Office for Information Security.
Confidentiality
“Confidentiality is the protection against unauthorized disclosure of information. Only authorized persons may access confidential data and information in a lawful way.”