RM-3.1.43

Licensees should utilise a pre-defined taxonomy for classifying cyber incidents according to, for example, the type of incident, threat actors, threat vectors and repercussions, and a pre-established severity assessment framework to help gauge the severity of the cyber incident. Examples of taxonomies that can be used when describing cyber incidents:

(a) Describe the cause of the cyber incident (e.g. process failure, system failure, human error, external event, malicious action)
(b) Describe whether the cyber incident was due to a third-party service provider
(c) Describe the attack vector (e.g. malware, virus, worm, malicious hyperlink)
(d) Describe the delivery channel used (e.g. e-mail, web browser, removable storage media)
(e) Describe the impact (e.g. service degradation/disruption, service downtime, potential impact to customers, data leakage, unavailability of data, data destruction/corruption, tarnishing of reputation)
(f) Describe the type of incident (e.g. zero-day attack, exploiting a known vulnerability, isolated incident)
(g) Describe the intent (e.g. malicious, theft, monetary gain, fraud, political, espionage, opportunistic)
(h) Describe the threat actor (e.g. script kiddies, amateur, criminal syndicate, hacktivist, nation state)

The cyber incident severity may be classified as:

(a) A Severity 1 incident has caused or will cause a serious disruption or degradation of critical service(s), and there is a potentially high impact on public confidence in the licensee.
(b) A Severity 2 incident has caused or will cause some degradation of critical services, and there is a medium impact on public confidence in the licensee.
(c) A Severity 3 incident has little or no impact on critical services, and there is no visible impact on public confidence in the licensee.
Added: January 2022