This policy applies to all members of the Rowan community, including faculty, staff, non-employees, students, attending physicians, contractors, covered entities, agents of Rowan, and visitors, who have been explicitly and specifically authorized to access and use any information asset, product or service that requires processing, transmitting, or storage of Rowan data or information.
Minor Incident: A security incident that does not have a significant impact on institutional services and operations. Often, minor incidents are isolated and not the result of targeted attacks. Furthermore, these types of incidents have a prescribed or known method of resolution, such as a patch installation, malware definition update, or configuration change. These types of incidents are generally resolved by following Standard Operating Procedures (SOPs). Examples of these types of incidents include, but are not limited to:
Incident involving web page defacement.
Incidents involving non-targeted email phishing.
Incident involving malware infections where no sensitive data was at risk.
Major Incident: A security incident that has the potential for high impact on institutional reputation, services, information, and operations. Major incidents often involve highly sensitive data. These types of incidents may require the involvement of various teams, internal and external, to assist in the response. Examples of these types of incidents may include, but are not limited to:
Incidents involving critical vulnerabilities as defined by the Rowan Vulnerability Management Program.
Incidents involving breaches on enterprise systems of record, especially those that result in extended outages.
Incidents involving systems that are conducting attacks against other Rowan services or against the services of third parties.
Incidents involving law enforcement agencies.
Incidents involving successful targeted social engineering, such as spear phishing.
Refer to Rowan University Technology Terms and Definitions for terms and definitions that are used in this policy.