CAT 1
|
Unauthorized Disclosure of Confidential or Sensitive Information
|
An unauthorized deliberate or inadvertent disclosure of information classified as “confidential or sensitive.”
|
Immediately upon discovery / detection.
|
CAT 2
|
Unauthorized Information Resource Access
|
A person gains logical and / or physical access without permission to a SCO network, system, application, or other information resource.
|
Immediately upon discovery / detection.
|
CAT 3
|
Denial of Service
|
An attack that prevents or impairs the authorized use of SCO networks, systems, or applications by exhausting resources.
|
Within one hour of discovery / detection if the successful attack is still ongoing and the SCO or DTS (Department of Technology Services) is unable to successfully mitigate activity.
|
CAT 4
|
Malicious Code
|
A virus, worm, Trojan horse, or other code-based malicious entity that infects a host.
|
Immediately upon discovery / detection if the attack leads to a CAT 1, 2, or 3 incident; or within one hour if the attack is ongoing and spreading throughout the SCO enterprise and the SCO or DTS (Department of Technology Services) is unable to successfully mitigate activity.
|
CAT 5
|
Unauthorized Access to an SCO Facility or Work Area
|
A person who is not authorized by the appropriate division enters a secure work area or facility.
|
Immediately upon discovery / detection.
|
CAT 6
|
Theft or loss of a SCO Information Resource
|
The theft or loss of an SCO information resource (i.e., PC, laptop, PDA, server, Microfiche, CD-ROM, USB Drive, etc.).
|
Immediately upon discovery / detection if the violation leads to a CAT 1 or 2, incident; or within one day upon discovery / detection.
|
CAT 7
|
Violation of a SCO Information Security Program Standard
|
A person who violates any SCO Information Security Program Standard without being granted an exception by an authorized entity.
|
Immediately upon discovery / detection if the violation leads to a CAT 1, 2, or 3 incident; or within one day upon discovery / detection.
|
CAT 8
|
Inappropriate Usage
|
A person violates SCO and / or SCO Divisional acceptable information and / or information resource use policies.
|
Immediately upon discovery / detection if the violation leads to a CAT 1, 2, or 3 incident; or within one day upon discovery / detection.
|
CAT 9
|
Probes and Reconnaissance Scans
|
This category includes any activity that seeks to access or identify a SCO information resource, open ports, protocols, service, or any combination for later exploit. This activity does not directly result in a compromise or denial of service.
|
Monthly; if information resource stores confidential information or is classified as business critical, report within one hour of discovery.
|
CAT 10
|
Investigation
|
Unconfirmed incidents that are potentially malicious or anomalous activity deemed by the reporting entity to warrant further review.
|
Not Applicable; this category is for SCO use to categorize a potential incident that is currently being investigated.
|
