An information security attack or incident is an event that adversely affects the confidentiality, integrity, or availability of an organization's information assets. Legal incidents (e.g., non-compliance with data protection laws), privacy incidents (e.g., data breaches), and the exploitation of technical vulnerabilities are all recognized categories of events within the information security domain. A vehicular incident, such as a car accident, is fundamentally a physical safety event. While such an event could have secondary consequences for information security (e.g., a laptop containing sensitive data is destroyed), the incident itself is not classified as a type of information security attack.

A. Legal Incidents: These are directly related to information security, as they can involve non-compliance with regulations (like GDPR) or intellectual property theft, which are security events.

C. Technical Vulnerabilities: The exploitation of technical vulnerabilities is a primary vector for information security attacks and is a core concept in the field.

D. Privacy Incidents: These are a critical subset of information security incidents, specifically dealing with the compromise of personally identifiable information (PII).

---

1. ISO/IEC 27000:2018 - Information technology — Security techniques — Information security management systems — Overview and vocabulary.

Section 3.33: Defines an "information security incident" as "a single or a series of unwanted or unexpected information security events that have a significant probability of compromising business operations and threatening information security." This definition encompasses legal, privacy, and technical vulnerability-related events but does not include categories like vehicular incidents.

2. NIST Special Publication 800-61 Rev. 2, "Computer Security Incident Handling Guide."

Section 2.3.1, Incident Categorization: This guide provides a baseline set of incident categories, including Unauthorized Access, Denial of Service, Malicious Code, and Improper Usage. These categories align with the concepts of technical, legal, and privacy incidents but do not include physical events like vehicular incidents as a primary category of computer security incidents.

3. Blakley, B., & McDermott, E. (2016). The Official (ISC)2 Guide to the CISSP CBK. CRC Press.

Chapter 19, Managing Security Operations: This chapter details security operations and incident management. It classifies incidents into categories such as network intrusions, malware infections, and policy violations. The taxonomy is focused on threats to information systems, not general physical risks like vehicle accidents.