Any event that violates or threatens to violate a system’s security policies.
Examples:
- unauthorized access attempt
- accidental data leakage
- system misconfiguration causing exposure
- power failure affecting availability
Attack
An incident with malicious intent. Intentional and malicious.
Examples:
- hacking into a system
- injecting malicious code
- denial-of-service (DoS) attacks
Attacker
The human exploiting the vulnerability.
- Criminal-for-hire: Hired hackers.
- Organized crime members: Professional groups.
- Individual hackers: Solo attackers.
- Terrorists: Ideologically driven attackers.
MOM
To carry out an attack, a malicious attacker must have:
- Method: Skills and tools for the attack.
- Opportunity: Access and time to execute the attack.
- Motive: Reason to perform the attack.