1

I'm studying for the CCSP exam and I came across this description:

An event is any unscheduled adverse impact to the operating environment. An event is distinguished from a disaster by the duration of the impact. We consider an event's impact to last three days or less; a disaster's impact lasts longer. An event can become a disaster. Causes of either/both can be anthropogenic, natural forces, internal or external, malicious or accidental.

This doesn't sound right to me. I thought that an "event", in and of itself, was neither good nor bad... it is an unplanned change of state in the environment. An "incident" seems to better align with description above which the purpose/affect is negative in nature.

I tried searching through other material and couldn't find clarification. Perhaps I'm remembering it incorrectly?

Mike B
  • 3,336
  • 4
  • 29
  • 39

1 Answers1

2

Totally depends on the context.

A cybersecurity event may simply be an action taken without inherent goodness or badness (user logged in, user failed authentication, logs were rotated, etc.).

A Business Continuity event or a disaster event is a different type of event. In this context, in order to classify it as a BC or DR "event" something "bad" must have happened (winds were 50 mph causing trees to fall on power lines), even if the impact was small. Else, there is no reason to classify it at all (wind was 5 mph).

Ultimately, it's semantics.

schroeder
  • 123,438
  • 55
  • 284
  • 319