The present document provides a comprehensive security event classification model and associated taxonomy (based on
existing results and hands-on user experience), covering both security incidents and vulnerabilities. Both of these
become nonconformities when they violate an organization's security policy. The present document mainly supports
operational security staff in their effort to qualify and categorize detected security events, and more generally all
stakeholders (especially CISOs and IT security managers) in their need to establish a common language.