Cyber security incidents

A cyber security event is any occurrence indicating a possible compromise of policies or failure of controls, or an unmapped situation that can impact security. It can affect risk levels, without necessarily impacting the business or information.

It is important to note, however, that some events are designed to implant malware or other means of later compromise of systems and data.

All cyber security events should be recorded for future analysis and response. If a high number of events occurs, there may be a need to review risk assessments, policies and procedures.

A cyber security incident is an attack or attempted attack against a computer or network that harmed, or potentially may harm, the confidentiality, integrity or availability of network data or systems.
In general, cyber security incidents include, but are not limited to:

attempts to gain unauthorised access to a computer system or its information
unwanted disruption or denial of service
unauthorised use of a system for processing or storing information
changes to system hardware, firmware or software without the knowledge or consent of the system owner.

Because a cyber security incident affects the business or its information, incidents require immediate action to contain the impact and to recover normal operational conditions. Like events, they need to be recorded for future analysis.

Government agencies are required to report all cyber security incidents to National Cyber Security Centre (NCSC), within the Government Communications Security Bureau (GCSB) and are encouraged to also report those incidents to Cert NZ (but are not required to).

What is a cyber security event?

What is a cyber security incident?

Who should agencies report a cyber security incident to, NCSC or Cert NZ?