Which of the following should be reported as a potential security incident (in accordance with your Agency's insider threat policy)?
a) Routine system updates
b) Unusual network activity
c) Employee vacation plans
d) Personal software installations