An incident can be defined as any malicious attack that has a nefarious purpose and which is against the security policies of the organization. For example, an illegal reading would be an event at first, but it is actually an incident. All the incidents must be stored for later analysis.