Title:

Regulations Governing the Reporting, Response and Drills for Cyber Security Incidents

Amended Date: 2026.01.05 
   Chapter I. General Provisions
Article 1 These Regulations are prescribed pursuant to Paragraph 4, Article 10; Paragraph 4, Article 17; and Paragraph 4, Article 24 of the Cyber Security Management Act (hereinafter referred to as the “Act”).
Article 2 Cyber security incidents are classified into four levels.
A cyber security incident occurring at a government agency or a specific non-government agency (hereinafter referred to as an “agency”) under any of the following circumstances is a level 1 cyber security incident:
1. Minor disclosure of non-core business information.
2. Minor tampering with non-core business information or a non-core information and communication system.
3. The operation of a non-core information and communication system is affected or interrupted, but can be restored within the tolerable interruption time, thereby affecting the agency’s routine operations.
A cyber security incident occurring at an agency under any of the following circumstances is a level 2 cyber security incident:
1. Serious disclosure of non-core business information, or a minor disclosure of core business information not involving the maintenance or operation of critical infrastructure.
2. Serious tampering with non-core business information or a non-core information and communication system, or minor tampering with core business information or a core information and communication system not involving the maintenance or operation of critical infrastructure.
3. The operation of a non-core information and communication system is affected or interrupted and cannot be restored within the tolerable interruption time, or the operation of a core information and communication system not involving the maintenance or operation of critical infrastructure is affected or interrupted but can be restored within the tolerable interruption time.
A cyber security incident occurring at an agency under any of the following circumstances is a level 3 cyber security incident:
1. Serious disclosure of core business information not involving the maintenance or operation of critical infrastructure, or a minor disclosure of confidential information relating to general official affairs or of core business information involving the maintenance or operation of critical infrastructure.
2. Serious tampering with core business information or a core information and communication system not involving the maintenance or operation of critical infrastructure, or minor tampering with confidential information relating to general official affairs, core business information, or a core information and communication system involving the maintenance or operation of critical infrastructure.
3. The operation of a core information and communication system not involving the maintenance or operation of critical infrastructure is affected or interrupted and cannot be restored within the tolerable interruption time, or the operation of a core information and communication system involving the maintenance or operation of critical infrastructure is affected or interrupted but can be restored within the tolerable interruption time.
A cyber security incident occurring at an agency under any of the following circumstances is a level 4 cyber security incident:
1. Serious disclosure of confidential information relating to general official affairs, or of core business information involving the maintenance or operation of critical infrastructure, or a disclosure of classified national security information.
2. Serious tampering with confidential information relating to general official affairs, core business information, or a core information and communication system involving the maintenance or operation of critical infrastructure, or tampering with classified national security information.
3. The operation of a core information and communication system involving the maintenance or operation of critical infrastructure is affected or interrupted and cannot be restored within the tolerable interruption time.
Article 3 The reporting of cyber security incidents shall include the following information:
1. The affected agency.
2. The time of occurrence or awareness.
3. A description of the incident.
4. The incident level assessment.
5. Countermeasures for the incident.
6. Assessment of the need for external support.
7. Other relevant matters.
Article 4 Each agency shall stipulate operational guidelines for the reporting of cyber security incidents, which shall include the following matters:
1. The process and responsibility for the determination of incident levels.
2. Assessment of the scope of impact, the extent of damage, and the agency’s response capabilities.
3. Internal reporting procedures for cyber security incidents.
4. Methods for notifying other agencies affected by the cyber security incident.
5. Drills covering the matters set out in the preceding four subparagraphs.
6. The reporting point of contact and contact methods for cyber security incident reporting.
7. Other matters relating to the reporting of cyber security incidents.
Article 5 Each agency shall stipulate operational guidelines for the response to cyber security incidents, the content of which shall include the following matters:
1. The organization of the response team.
2. Drills to be conducted before an incident occurs.
3. Damage-control mechanisms upon the occurrence of an incident.
4. Recovery, identification, investigation, and corrective mechanisms after an incident occurs.
5. Preservation of records relating to the incident.
6. Other matters relating to the response to cyber security incidents.