|
Article 2
|
Cyber security incident is classified into four levels.<br/>The cyber security incident occurred to the government agency or the specific non-government agency (hereinafter referred to as “each agency”) under any of the following circumstances is the level-1 cyber security incident:<br/>1. Minor breach of non-core business information.<br/>2. Minor alteration of non-core business information or non-core information and communication sys-tem.<br/>3. Impact on or interruption of non-core information and communication system operation which may be recovered within tolerable interruption time, resulting in impact on daily operation of each agen-cy.<br/>The cyber security incident occurred to each agency under any of the following circumstances is the lev-el-2 cyber security incident:<br/>1. Serious breach of non-core business information or minor breach of core business information not involving the maintenance and operation of critical infrastructures.<br/>2. Serious alteration of non-core business information or non-core information and communication system, or minor alteration of core business information or core information and communication system not involving the maintenance and operation of critical infrastructures.<br/>3. Impact on or interruption of non-core information and communication system operation, which cannot be recovered within tolerable interruption time, or impact on or interruption of core information and communication system operation not involving the maintenance and operation of criti-cal infrastructures, which may be recovered within tolerable interruption time.<br/>The cyber security incident occurred to each agency under any of the following circumstances is the lev-el-3 cyber security incident:<br/>1. Serious breach of core business information not involving the maintenance and operation of critical infrastructures, or minor breach of confidential information of general official affairs or core business information involving the maintenance and operation of critical infrastructures.<br/>2. Serious alteration of core business information or core information and communication system not involving the maintenance and operation of critical infrastructures, or minor alteration of confiden-tial information of general official affairs, or core business information or core information and communication system involving the maintenance and operation of critical infrastructures.<br/>3. Impact on or interruption of the operation of core information and communication system not in-volving the maintenance and operation of critical infrastructures, which cannot be recovered within the tolerable interruption time, or impact on or interruption of the operation of core information and communication system involving the maintenance and operation of critical infrastructures, which may be recovered within tolerable interruption time.<br/>The cyber security incident occurred to each agency under any of the following circumstances is the lev-el-4 cyber security incident:<br/>1. Serious breach of confidential information of general official affairs, or core business information involving the maintenance and operation of critical infrastructures, or the breach of classified na-tional security information.<br/>2. Serious alteration of confidential information of general official affairs, or core business information or core information and communication system involving the maintenance and operation of critical infrastructures, or the alteration of classified national security information.<br/>3. Impact on or interruption of core information and communication system involving the mainte-nance and operation of critical infrastructures, which cannot be recovered within tolerable interrup-tion time.
|