This policy defines four types of information incidents: (1) loss or theft, (2) intrusion by malware or unauthorized access via the network, (3) physical intrusion, and (4) all others. Each type has criteria that make a possible incident "reportable." The policy requires the reporting of reportable incidents unless one of the exceptions applies. The Incident Reporting and Response Procedures are the implementation of the policy.
Loading from: policylibrary