Classifying the severity of a cyber incident

Share on facebook
Share on twitter
Share on linkedin
Share on email
Share on whatsapp

Ideally, you would already have classified your data and be aligned with a cybersecurity or compliance framework to be able to effectively classify the severity level of a cyber incident. This quick reference model can help with communication and the next steps for incidents.

 

classification of incident levels

 

 

 

 

 

 

 

High-Level Cyber Incidents — Exposure (or possible exposure) of personally identifiable information (PII), payment card information (PCI), protected health information (PHI), Controlled Unclassified Information (CUI), classified information, or other data that could lead to critical losses if disclosed or corrupted.  Examples of “other data” could include client data, pricing models, secret recipes, and so on.

Medium-Level Cyber Incidents — Exposure (or possible exposure) of Confidential information that could result in a significant loss to the organization if lost or disclosed.  Examples of confidential data could be business proposals, customer lists, HR files, student behavior reports, staff compensation, and financial reports.

Low-Level Cyber Incidents — An incident in which no data is exposed or possibly exposed or the only data exposed or possibly exposed is publicly available or of no value.  Examples would be email address lists, training materials (if not confidential), press releases, and class schedules.

ProVision Request a Quote

Classifying an incident properly can help with determining who needs to be notified and what other steps to follow in your incident response playbook.  Third-party breach response resources can also be engaged to help you/your customers to correctly classify and respond to an incident as failure to do this step right can result in increased exposure for damages.

Tracy Fox

Sign Up For Our Blog

Get our latest content delivered to your inbox.

partner with foresite consulting to become a More Effective Leader

Develop the skills and strategies you need to take your company to the next level of success.

Foresite Cybersecurity Announces Pivot to Open XDR & Compliance Platform

Search