|
Article 4
|
Each agency shall stipulate operational guidelines for the reporting of cyber security incidents, which shall include the following matters:<br/>1. The process and responsibility for the determination of incident levels.<br/>2. Assessment of the scope of impact, the extent of damage, and the agency’s response capabilities.<br/>3. Internal reporting procedures for cyber security incidents.<br/>4. Methods for notifying other agencies affected by the cyber security incident.<br/>5. Drills covering the matters set out in the preceding four subparagraphs.<br/>6. The reporting point of contact and contact methods for cyber security incident reporting.<br/>7. Other matters relating to the reporting of cyber security incidents.
|