Put simply, a security incident can be defined as any fact or event which you think could affect your personal or organizational security.
Examples of security incidents could include seeing the same suspicious vehicle parked outside your office or home over a number of days; the telephone ringing at night with nobody at the other end; somebody asking questions about you in a nearby town or village; a break-in to your house, etc.
But not everything you notice will constitute a security incident. You should therefore register what you notice by writing it down, and then analyse it, ideally with colleagues, to establish whether it really could affect your security. At this point you can react to the incident. The sequence of events is as follows:
You notice something -> you realise it might be a security incident -> you register it / share it -> you analyse it -> you establish that it is a security incident -> you react appropriately.
If the matter is pressing, this sequence should still take place, just much more quickly than usual to avoid delay (see below).
How to distinguish between security incidents and threats:
If you are waiting for a bus and somebody standing next to you threatens you because of your work, this, apart from being a threat, constitutes a security incident. But if you discover that your office is being watched from a police car on the opposite side of the street, or your mobile phone is stolen, these are security incidents, but not necessarily threats. Remember: threats have an objective (see Chapter 2), and incidents just happen.
All threats are security incidents, but not all security incidents are threats.