12. What is an information security incident?
An information security incident can be defined as any event or set of circumstances that threaten the confidentiality, integrity or availability of the council’s information. This could include but is not limited to:
- Accidental or unlawful destruction of information (destroying or altering information to avoid disclosure)
- Loss of information (including mobile devices)
- Unauthorised alteration of information
- Unauthorised disclosure of information
- Unauthorised access to information (someone’s job role does not permit them to access specific information, unauthorised access to building, hacking and ransomware attacks)
For more information, please download our Information Security Incident Reporting Procedure.