LOGBOOK

HELP

Quiz Entry - updated: 2026.06.20

How does the ISC² definition of a cyber security incident differ from the NIST definition?

Both describe an unwanted/unexpected event affecting security, but ISC² stresses harm (or likely harm) to business operations, while NIST stresses violation of confidentiality, integrity or availability.

The ISC² definition: a cyber security incident is an unwanted or unexpected event (or series of events) that either harms business operations or has a high probability of doing so. NIST: an event that actually or potentially jeopardises the confidentiality, integrity or availability (the "CIA triad") of an information system or its data, or that violates security policies or acceptable-use rules. The practical difference is emphasis — ISC² is business-impact-centric, NIST is CIA/policy-centric.

From Quiz: ISM / Security Incident Management | Updated: Jun 20, 2026