Incident Confirmation

Incident Confirmation – A combination of the following activities can represent a security incident and thus require action. Although observing one of these symptoms is generally inconclusive, observing one or more of these symptoms in conjunction warrants further scrutiny:

  • Unsuccessful logon attempts;
  • Unexplained system crashes;
  • Unexplained poor system performance;
  • Port scanning (use of exploit and vulnerability scanners, remote requests for information about systems and/or users, or social engineering attempts);
  • Unusual usage times (statistically, more security incidents occur during non-working hours than any other time); and
  • An indicated last time of usage of an account that does not correspond to the actual last time of usage for that account.
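
The correlation idea above can be expressed as a small triage script. This is an added example, not part of the original text: the event names, host and account names, the working-hours window and the two-symptom threshold are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events, in chronological order: (time, host, account, event)
EVENTS = [
    ("2024-03-04 02:13:09", "srv-db1", "svc_backup", "logon_failure"),
    ("2024-03-04 02:13:15", "srv-db1", "svc_backup", "logon_failure"),
    ("2024-03-04 02:14:40", "srv-db1", "svc_backup", "logon_success"),
    ("2024-03-04 02:31:02", "srv-db1", "-", "system_crash"),
    ("2024-03-04 10:05:44", "ws-114", "jdoe", "logon_failure"),
    ("2024-03-04 10:06:01", "ws-114", "jdoe", "logon_success"),
]
# Constructed: when each account owner says the account was actually last used.
OWNER_LAST_USE = {"svc_backup": "2024-03-03 18:00:00",
                  "jdoe": "2024-03-04 10:06:01"}
WORK_HOURS = range(8, 18)  # assumption: 08:00-17:59 counts as working hours
FMT = "%Y-%m-%d %H:%M:%S"

def symptoms_by_host(events, owner_last_use):
    """Map each host to the set of listed symptoms observed on it."""
    found = defaultdict(set)
    last_success = {}  # account -> (time, host) of the latest recorded logon
    for ts, host, account, event in events:
        when = datetime.strptime(ts, FMT)
        if event == "logon_failure":
            found[host].add("unsuccessful_logon")
        elif event == "system_crash":
            found[host].add("unexplained_crash")
        elif event == "logon_success":
            if when.hour not in WORK_HOURS:
                found[host].add("unusual_usage_time")
            last_success[account] = (when, host)
    # Indicated last usage that does not match what the owner reports.
    for account, (when, host) in last_success.items():
        claimed = owner_last_use.get(account)
        if claimed and datetime.strptime(claimed, FMT) != when:
            found[host].add("last_usage_mismatch")
    return found

def triage(events, owner_last_use, threshold=2):
    """One symptom alone is inconclusive; 'threshold' distinct symptoms on
    the same host mark it for further scrutiny (threshold is an assumption)."""
    return {host: ("investigate" if len(s) >= threshold else "monitor", sorted(s))
            for host, s in symptoms_by_host(events, owner_last_use).items()}

if __name__ == "__main__":
    for host, (verdict, symptoms) in triage(EVENTS, OWNER_LAST_USE).items():
        print(host, verdict, symptoms)
```
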