A security incident is a negative event which impairs information security (meaning confidentiality, availability and/
Are you unsure? Please let us know!
If you experience one of the situations described in these examples, please notify us as soon as possible. Security incidents can take many different forms and it is impossible to list all possible incidents. Therefore, you will find a definition of security incidents below.
Loss or theft of devices (e.g. laptops), data carriers (e.g. USB sticks) and documents or (unintended) disclosure of confidential information
Detection of malware on your device, irregular behavior of your device or your device does not function anymore
Blackmail or coercion to disclose confidential information or disobey rules, requests for information by third parties (personally, at the phone or via e-mail) or suspicious persons in protected areas
Detecting devices and items which are suddenly and without prior notice in your office (another computer, USB sticks, cables, boxes...)
Successful attack by fraudulent e-mail: Links were clicked, files were opened and information has been disclosed
Confidentiality, availability and integrity are the basic protection goals of information security. These goals have to be protected in order to prevent security incidents. If the protection of these goals fails and at least one of the protection goals is infringed, this is usually considered a security incident.
We use the definitions of the protection goals by the Federal Office for Information Security.
“Confidentiality is the protection against unauthorized disclosure of information. Only authorized persons may access confidential data and information in a lawful way.”
“The availability of services, functions of an IT system, IT applications or IT networks or the availability of information is given, if the aforementioned can be used as intended by the users.”