A cyber security event is an occurrence of a system, service or network state indicating a possible breach of security policy, failure of safeguards or a previously unknown situation that may be relevant to security.
A cyber security incident is an unwanted or unexpected cyber security event, or a series of such events, that either has compromised business operations or has a significant probability of compromising business operations.
Cyber resilience is the ability to adapt to disruptions caused by cyber security incidents while maintaining continuous business operations. This includes the ability to detect, manage and recover from cyber security incidents.
One of the core elements of detecting and investigating cyber security incidents is the availability of appropriate data sources, such as event logs. The following event logs can be used by an organisation to assist with detecting and investigating cyber security incidents:
Further information on event logging can be found in the ‘Event logging and monitoring’ section of the Guidelines for system monitoring.
Further information on cyber security incident response plans can be found in the ‘System-specific cyber security documentation’ section of the Guidelines for cyber security documentation.
Further information on preparing for and responding to cyber security incidents can be found in ASD’s Cyber security incident response planning: Executive guidance and Cyber security incident response planning: Practitioner guidance publications.
Further information on understanding, identifying and preventing the insider threat can be found in the Attorney-General’s Department’s Countering the Insider Threat: A guide for Australian Government publication.
Further information on understanding, identifying and preventing the insider threat can also be found in the Australian Security Intelligence Organisation’s Countering the insider threat brochure and Countering the insider threat: A security manager’s guide publication.
Further information on understanding, identifying and preventing the insider threat can also be found on the United Kingdom’s National Protective Security Authority’s Insider Risk Guidance website.
Further information on developing, implementing and maintaining an insider threat mitigation program can be found in the United States’ Cybersecurity & Infrastructure Security Agency’s Insider Threat Mitigation Guide.
Further information on developing, implementing and maintaining an insider threat mitigation program can also be found in Carnegie Mellon University’s Software Engineering Institute’s Common Sense Guide to Mitigating Insider Threats, Seventh Edition publication.
Further information on reporting of cyber security incidents by service providers can be found in the ‘Managed services and cloud services’ section of the Guidelines for procurement and outsourcing.
Further information on reporting cybercrime incidents and reporting cyber security incidents, including ASD’s limited use obligation, is available from ASD.