As someone who is not so much on the technical side, I’m looking to put together a list of high risk and/or common information security incidents for security incident response purposes and want to know if there’s anything I might not have considered. I have done a fair amount of research but if someone could take a look at this list and see if there’s anything else I’ve missed I would be very appreciative.
* Unauthorised code/exploited code flaws
* Unauthorised public exposure of non-public/sensitive data or encryption keys
* Unauthorised modification or removal of data
* Loss of data or service availability (DDoS and non-DDos)
* Large scale/sustained credential stuffing, brute force or other account takeovers
* PII data collection
* Internal sites on Google search results