...

A. Event Categorization
This list is not comprehensive and other categories may be added to help with the reporting process. Security events must be categorized according to the potential impact or threat to the confidentiality, integrity, and availability of the University's electronic information and/or information systems. Categorization is necessary in order to assess the risk to the University's business services and operations, and to determine the appropriate response.

  1. Incident Types

    TYPE: DESCRIPTION

    Attempted Intrusion: A significant and/or persistent attempted intrusion that stands out above the daily activity and could result in unauthorized access of the target electronic information or information system.

    Denial of Service: Intentional or unintentional denial of service (successful or persistent attempts) that affects or threatens to affect a critical service or denies access to all or one or more large portions of the University's network.

    Malicious Code: All instances of successful infection or persistent attempts at infection by malicious code, such as viruses, Trojan horses, or worms.

    Policy Violation: Access or use of the University's electronic information or information systems that violates Rowan policies and may present a risk to the University's electronic information or information systems.

    Reconnaissance Activity: Instances of unauthorized port scanning, network sniffing, resource mapping probes and scans, and other activities that are intended to collect information about vulnerabilities in the University's network and to map network resources and available services.

    Social Engineering: An instance (or instances) where an attacker uses human interaction to obtain or compromise information about the University, its personnel, or its information systems.

    System Compromise/Intrusion: All unintentional or intentional instances of system compromise or intrusion by unauthorized persons, including user-level compromises, root (administrator) compromises, and instances in which users exceed privilege levels.

    Unauthorized Use: Any activity that is not recognized as being related to University business or normal use.

  2. Incident Severity Levels

Rating the severity of an incident is a subjective measure of its threat to Rowan's operations. The severity level helps determine the priority for handling the incident, who manages the incident, and the incident response plan.
The following factors help determine severity level:

    • Scope of impact, such as department, school or unit, campus, or University-wide.
    • Criticality of the information system.
    • Sensitivity of the information stored on or accessed through the system or service.
    • Probability of propagation. Is the incident contained or can it spread beyond its current boundaries?

 

SEVERITY: DESCRIPTION

Critical: Potential operational disruption across a campus or all campuses. May have one or more of the following characteristics:

  • Possible breach of multiple critical information systems.
  • Involves a significant number of sensitive records.
  • May result in a breach notification to a significant number of patients, students, and/or employees.
  • Is likely to be the subject of national or regional press coverage.
  • Is likely to result in notification to a federal or state regulator.
  • Could otherwise negatively impact or present a significant risk to the University.

High: Potential operational disruption of a school or unit (e.g., Camden or SOM University Hospitals). May have one or more of the following characteristics:

  • Possible breach of multiple critical information systems.
  • Involves a significant number of sensitive records.
  • May result in a breach notification to a significant number of patients, students, and/or employees.
  • Is likely to be the subject of national or regional press coverage.
  • Is likely to result in notification to a federal or state regulator.
  • Could otherwise negatively impact or present a significant risk to the University.

Medium: Impact to a business unit that is serious and possibly results in an operational disruption. May have one or more of the following characteristics:

  • Is the result of malicious activity.
  • Could or has resulted in the breach of one or more of the business unit's critical information systems.
  • May result in a breach notification to a significant number of patients, students, and/or employees.
  • Involves a significant number of sensitive records handled by the business unit.
  • Is an unauthorized attempt to access, use, or steal sensitive records handled by the business unit.

Low: Impact to a business unit is minor and may present an operational risk if not addressed immediately. May have one or more of the following characteristics:

  • Is the result of intentional attempts to breach a critical information system.
  • Is the result of multiple SPAM or virus attacks targeting the business unit.

 

B. INCIDENT HANDLING AND REPORTING

...