A security breach is an intentional or unintentional event that has or may have compromised the integrity, confidentiality, or appropriate level of availability of information or services for which the organization is responsible. This can happen, for example, in connection with a phishing, hacking or denial-of-service attack. When a security breach occurs, the most important thing is to act quickly to prevent further damage.
A security breach can be detected by anyone and can happen in almost any system. All suspicions must be taken seriously. For example, a malware attack may appear on your computer as a slow motion, a crash, or an occasional network outage.
The types of security incidents can be classified according to the table below.
Data breach
A privacy breach is usually easier to detect. The notice should be made, for example, when it is discovered that personal data has ended up with a party who should not have obtained personal data or should not have had even a theoretical right of access to the personal data. For example such a situation may be at hand if you accidentally send an e-mail containing confidential information to the wrong recipient.
Contacting
If you suspect that you are in a data protection and security breach situation, report your suspicion immediately to the Metropolia Helpdesk and / or the Data Protection Officer and / or Security designer.
HelpDesk - 09 7424 6777
Data Protection Officer Tuulia Aarnio - 040 844 069
Information Security designer Kimmo Valtimo - 040 7194938
Relevant information about the security breach is:
- A description of the security breach or threat
- Event & time
- Location / target
- Security incident type
Breach type | Incident type | Example |
Offensive content | Spam | Unsolicited discussion group or e-mail message that is often sent for advertising purposes to a large number of recipients in one |
Hate speech | Disgraceful or discriminatory communication | |
| Illegal content against children. | Child pornography, brutal violence, etc. | |
Malware code | Virus | Software that is intentionally installed on a system in a malicious way. Activation of the software usually requires user intervention. |
Worm | ||
Trojan | ||
Spyware | ||
Rootkit | ||
| Ransomware | ||
Gathering information | Network scanning | Automatic inquiry about the structure of the network and the availability of the systems in it |
Network sniffing | The purpose of network sniffing is to monitor network traffic, monitor it, or obtain information about messages and passwords moving on the network. | |
Social intelligence | Interpersonal intelligence, for example, appearing on the phone as someone else as a person other than themselves or falsely representing an organization as confidential information to obtain. | |
Intrusion attempt | Exploitation of a known vulnerability | Intrusion into an information system or network using a commonly known vulnerability |
Login attempt | The aim is to access the service via login by utilizing, for example, password lists | |
A new way of penetrating | Intrusion into a service or network using a previously unknown vulnerability | |
Illegal intrusion | Admin account fraction | Illegal intrusion into a network or information system. The intrusion may exploit the vulnerability or it may also be done locally. Also includes working as part of a botnet. |
Basic user account fraction | ||
Hacking the software | ||
Terminal as part of a bot network | ||
Data access problem | Denial of service attack | Availability problems can be caused by various denial-of-service attacks or, for example, power supply problems. |
Sabotage | ||
Blackout | ||
Data security | Unauthorized access to information | Deviations related to the data may be related to e.g. hacking a user account or application, sniffing the network, or configuring it incorrectly |
Unauthorized modification of data | ||
Fraud | Illegal use of services | Use of the Services for Illegal Purposes |
Copyright Infringement | Installing or selling an unlicensed application | |
Impersonation | Identity theft | |
Phishing | Phishing for confidential or sensitive information | |
Vulnerability | The system is open for abuse | There are unpatched vulnerabilities in the system or the system is incorrectly configured |
Something else | All other deviations that do not fit into other categories |