Kindly enlighten me with what is the difference between IS weakness, event and incident?
In my opinion, weakness can be an event if it is exploited. And an event can be an incident if it endangers the CIA of organization's information asset.
Answer:
Ok, you are right. In accordance with ISO 27000:2012, a vulnerability "is a weakness of an asset or control that can be exploited by one or more threats, and an event is an occurrence or change of a particular set of circumstances and An event can sometimes be referred to as an incident or accident . So, an incident can be an event.
Comment as guest or Sign in
Jan 12, 2016