
Security Program for the Information and Computing Environment Standard

Title: Information Security Incident Classification Matrix
Standard: IR0001.02
Category: Incident Response
Version Date: Effective Date: Last Review: Next Review: 11/11/2004 3/31/2005
Originating Unit: Security Program for the Information and Computing Environment Project
Review Resp: HSC Chief, Information Security

Purpose:
To establish information security incident levels as guidelines for the HSC community and the HSC Security Incident Response Team.

Reference:
None

Standard:
1. The following matrix shall be used to classify HSC information security incidents:

Level 1 Guarded

Impact
- Minor impact on Operations.
- Information is received concerning threats to which the HSC Information and Computing environment is vulnerable.
- An IT-Resource has been stolen or lost containing information classified above Unrestricted.

Level 2 Elevated
- Moderate impact on operations.
- Business continuity at risk or affected.
- Credible threat of an imminent attack.
- An IT-Resource has been stolen or lost containing information classified above Operational.
- Potential long-term negative effect on the institution.
- Potential substantial negative financial impact or loss of public confidence.
- Identified risk for personal harm or safety.
- A physical intrusion to secured locations has been detected.
- Abuse of privileged access to IT-Resources.
- Suspected or confirmed breach of medium to low volume of Restricted data.
- Data classified Sensitive: Availability affected or lost.

Level 3 Severe
- Severe impact on operations.
- Business continuity is disrupted.
- Long-term negative effect on the institution.
- Likely substantial negative financial impact or loss of public confidence.

- Personal security or safety has been compromised.
- Persons have been harmed.
- Suspected or confirmed breach of a high volume of Restricted data.

People

- A physical intrusion has been detected.
- Physical security suspect.
- Abuse of User Privilege.
- Local information security policies and procedures have been violated.


Data classified Restricted: Availability affected or lost.

Data (Either in transmission or at rest)

Data classified Unrestricted or Operational:

Health Science Center - SPICE
Standard IR0001.02

Integrity violated. Confidentiality suspect or compromised.
Integrity violated. Confidentiality suspect or compromised.

- Availability affected or lost.
- Integrity violated.
- Confidentiality suspect or compromised.
- Availability of systems affected.
- Denial of service attack(s) with no impact on operations.
- System probes, scans, and/or similar activities are detected on IT Resources.
- Incidental unsuccessful access.
- Instances of malware detected and handled by deployed anti virus or other installed software.
- Vulnerable to a known exploit.
- Contain content in violation of UF policies.


Systems

- Significant number of systems affected.
- Loss of (non critical) systems or applications.
- Denial of service attack(s) with impact on operations.
- Penetration attempts detected with impact on operations.
- System Integrity compromised.
- Widespread instances of malware, not handled by deployed anti virus or other installed software.
- Contain content in violation of federal and/or State law.

Widespread number of systems affected.


Loss of mission critical systems or mission critical applications.


Penetration detected with significant impact on operations.
