University Policies

Page tree

Versions Compared

Old Version 4

changes.mady.by.user Raghu, Rachana

Saved on

compared with

New Version 5

changes.mady.by.user Raghu, Rachana

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

    • Scope of impact, such as department, school or unit, campus, or University-wide.
    • Criticality of the information system.
    • Sensitivity of the information stored on or accessed through the system or service.
    • Probability of propagation. Is the incident contained or can it spread beyond its current boundaries?

 

SEVERITYDESCRIPTION
Critical

Potential operational disruption across a campus or all campuses. May have one or more of the following characteristics:

  • Possible breach of multiple critical information systems.
  • Involves a significant number of sensitive records.
  • May result in a breach notification to a significant number of patients, students, and/or employees.
  • Is likely to be the subject of national or regional press coverage.
  • Is likely to result in notification to a federal or state regulator.
  • Could otherwise negatively impact or present a significant to the University.


 High Potential operational disruption of a school or unit (e.g., Camden or SOM University Hospitals). May have one or more of the following characteristics:
  • Possible breach of multiple critical information systems.
  • Involves a significant number of sensitive records.
  • May result in a breach notification to a significant number of patients, students, and/or employees.
  • Is likely to be the subject of national or regional press coverage.
  • Is likely to result in notification to a federal or state regulator.
  • Could otherwise negatively impact or present a significant risk to the University.
 MediumImpact to a business unit that is serious and possibly results in an operational disruption. May have one or more of the following characteristics:
  • Is the result of malicious activity.
  • Could or has resulted in the breach of one or more of the business unit's critical information systems.
  • May result in a breach notification to a significant number of patients, students, and/or employees.
  • Involves a significant number of sensitive records handled by the business unit.
  • Is an unauthorized attempt to access, use, or steal sensitive records handled by the business unit.
LowImpact to a business unit is minor and may present an operational risk if not addressed immediately. May have one or more of the following characteristics:
  • Is the result of intentional attempts to breach a critical information system?
  • Is the result of multiple SPAM or virus attacks targeting the business unit?

 

B. INCIDENT HANDLING AND REPORTING

...