Clearly define and communicate the characteristics of potential security incidents so they can be properly classified and treated by the incident and problem management process.