17.8.35 Information security incident
Information security incidents are defined as a single or series of unwanted events that compromise (or are likely to compromise) the confidentiality, integrity or availability of OIST information assets and/or breach OIST policy or Japanese law. A compromise is an incident where the security of a system or its information was successfully harmed.
Examples of information security incidents include:
- Data loss due to any cause including operation error such as personal data being e-mailed to the wrong recipient
- Unauthorized use of a system for the processing or storage of data
- Noncompliance with information security and acceptable use policies
- Theft or other loss of a laptop, desktop, PDA, or other device that stores the University information, whether or not the device is owned by the University
- Attempts (either failed or successful) to gain unauthorized access to a system or its data
- Unwanted disruption or denial of service
- Malfunctions of software or hardware