...
- Scope of impact, such as department, school or unit, campus, or University-wide.
- Criticality of the information system.
- Sensitivity of the information stored on or accessed through the system or service.
- Probability of propagation. Is the incident contained or can it spread beyond its current boundaries?
SEVERITY | DESCRIPTION |
---|
Critical | Potential operational disruption across a campus or all campuses. May have one or more of the following characteristics: - Possible breach of multiple critical information systems.
- Involves a significant number of sensitive records.
- May result in a breach notification to a significant number of patients, students, and/or employees.
- Is likely to be the subject of national or regional press coverage.
- Is likely to result in notification to a federal or state regulator.
- Could otherwise negatively impact or present a significant to the University.
|
High | Potential operational disruption of a school or unit (e.g., Camden or SOM University Hospitals). May have one or more of the following characteristics:- Possible breach of multiple critical information systems.
- Involves a significant number of sensitive records.
- May result in a breach notification to a significant number of patients, students, and/or employees.
- Is likely to be the subject of national or regional press coverage.
- Is likely to result in notification to a federal or state regulator.
- Could otherwise negatively impact or present a significant risk to the University.
|
Medium | Impact to a business unit that is serious and possibly results in an operational disruption. May have one or more of the following characteristics:- Is the result of malicious activity.
- Could or has resulted in the breach of one or more of the business unit's critical information systems.
- May result in a breach notification to a significant number of patients, students, and/or employees.
- Involves a significant number of sensitive records handled by the business unit.
- Is an unauthorized attempt to access, use, or steal sensitive records handled by the business unit.
|
Low | Impact to a business unit is minor and may present an operational risk if not addressed immediately. May have one or more of the following characteristics:- Is the result of intentional attempts to breach a critical information system?
- Is the result of multiple SPAM or virus attacks targeting the business unit?
|
B. INCIDENT HANDLING AND REPORTING
...