Standard
Version Date: Effective Date: Last Review: Next Review:
IR0001.02
Category:
Incident Response
11/11/2004 3/31/2005
Information Security Incident Classification Matrix Security Program for the Information and Computing Environment Project HSC Chief, Information Security
Purpose:
To establish information security incident levels as guidelines for the HSC community and the HSC Security Incident Response Team.
Reference:
None
Standard:
1. The following matrix shall be used to classify HSC information security incidents:
Level 1 Guarded
Impact
Minor impact on operations. Information is received concerning threats to which the HSC Information and Computing environment is vulnerable. An IT-Resource has been stolen or lost containing information classified above Unrestricted.
Level 2 Elevated
Moderate impact on operations. Business continuity at risk or affected. Credible threat of an imminent attack. An IT-Resource has been stolen or lost containing information classified above Operational. Potential long-term negative effect on the institution. Potential substantial negative financial impact or loss of public confidence. Identified risk for personal harm or safety. A physical intrusion to secured locations has been detected. Abuse of privileged access to IT-Resources. Suspected or confirmed breach of medium to low volume of Restricted data. Data classified Sensitive: Availability affected or lost.
Level 3 Severe
Severe impact on operations. Business continuity is disrupted. Long-term negative effect on the institution. Likely substantial negative financial impact or loss of public confidence.
People
A physical intrusion has been detected. Physical security suspect. Abuse of User Privilege. Local information security policies and procedures have been violated.
Data (Either in transmission or at rest)
Integrity violated. Confidentiality suspect or compromised. Integrity violated. Confidentiality suspect or compromised.
Availability affected or lost. Integrity violated. Confidentiality suspect or compromised. Availability of systems affected. Denial of service attack(s) with no impact on operations. System probes, scans, and/or similar activities are detected on IT Resources. Incidental unsuccessful access. Instances of malware detected and handled by deployed anti-virus or other installed software. Vulnerable to a known exploit. Contain content in violation of UF policies.
Systems
Significant number of systems affected. Loss of (non critical) systems or applications. Denial of service attack(s) with impact on operations. Penetration attempts detected with impact on operations. System integrity compromised. Widespread instances of malware, not handled by deployed anti-virus or other installed software. Contain content in violation of federal and/or State law.