IT sivuston haku

IT sivujen etusivu: https://wiki.lamk.fi/display/it

Skip to end of metadata
Go to start of metadata

CONSEQUENCE SCALE FOR IT BREACHES

1. Students

2. Staff 

3. Others


1. CONSEQUENCE SCALE, students

 

THE DEGREE OF INTENT

Ignorance

The lack of competence

Negligence

Accident

Unintentionality

Disregard

Gross negligence

The desire to show off

Intentionality

Recurrence

Criminal intent (civil wrong, unauthorized use, spying, confidentiality breach, abuse of office etc.)

Intention of gain/obtaining benefit

 SEVERITY OF THE BREACH    
Severe breach (An act of violation or an offense set forth by law), e.g. 
  • Hacking, invasion 
  • Unlawful processing of 
 material subject to criminal law 
  • Unlawful distribution of material subject to 
 copyright law 
  •  Intentional unauthorized portscanning 
     
  • Delibarate distribution of viruses 
     
  • Denial of service attack (DoS)

Report of an office will be considered

Possible written warning

Admonition / Restriction of access rights 1 wk. – 3 mo.

Report of an office will be considered

Temporary expulsion

Restriction of access rights 3-6 mo.

Report of an office

Temporary expulsion

Restriction of access rights 6 mo. ->

Breach (Gross abuse or risking security), e.g. 

  • Unauthorized copying of programs and games 
     
  • Installing unauthorized software 
     
  • Hacking/Unauthorized possession of the administrator’s tools 
     
  • Unauthorized software installation 

  • Giving one's login ID to another user 

  • Risking information confidentiality 
Admonition / Restriction of access rights 1 wk.-2 mo.

Written warning

Restriction of access rights 1-3 mo.

Report of an office will be considered

Temporary expulsion

Restriction of access rights 3-6 mo.

Minor breach (Abuse), e.g. 

  • Neglecting personal information security
     
  • Inappropriate behaviour 
     
  • Causing harm 
     
  • Wasting resources 
     
  • Neglecting antivirus protection or security updates 
     
  • Unauthorized commercial or political operation 
     
  • Infringement of access control rules
Admonition / Restriction of access rights 1 wk.-1 mo.Restriction of access rights 1 wk.-2 mo.

Report of an office will be considered

Restriction of access rights 1-3 mo.

SEVERITY OF THE BREACH     

 

2. CONSEQUENCE SCALE, staff

THE DEGREE OF INTENT

Ignorance

The lack of competence

Negligence

Accident

Unintentionality

Disregard

Gross negligence

The desire to show off

Intentionality

Recurrence

Criminal intent (civil wrong, unauthorized use, spying, confidentiality breach, abuse of office etc.)

Intention of gain/obtaining benefit

SEVERITY OF THE 

BREACH

   
Severe breach (An act of violation or an offense set forth by law), e.g. 
  • Hacking, invasion 
  • Unlawful processing of 
 material subject to criminal law 
  • Unlawful distribution of material subject to 
 copyright law 
  •  Intentional unauthorized portscanning 
     
  • Delibarate distribution of viruses 
     
  • Denial of service attack (DoS)

Report of an office will be considered

Admonition / Written warning

Report of an office

Written warning / Dismissal / Termination of the contract of employment

Report of an office

Termination of the contract of employment

Breach (Gross abuse or risking security), e.g. 

  • Unauthorized copying of programs and games 
     
  • Installing unauthorized software 
     
  • Hacking/Unauthorized possession of the administrator’s tools 
     
  • Unauthorized software installation 

  • Giving one's login ID to another user 

  • Risking information confidentiality
Admonition / Written warningWritten warning / Dismissal / Termination of the contract of employment

Report of an office

Dismissal / Termination of the contract of employment

Minor breach (Abuse), e.g. 

  • Neglecting personal information security
     
  • Inappropriate behaviour 
     
  • Causing harm 
     
  • Wasting resources 
     
  • Neglecting antivirus protection or security updates 
     
  • Unauthorized commercial or political operation 
     
  • Infringement of access control rules
AdmonitionAdmonition / Written warning

Report of an office will be considered

Written warning / Dismissal / Termination of the contract of employment

SEVERITY OF THE BREACH     

The access rights to individual systems can temporarily or permanently be suspended due to the lack of confidence resulted from the abuse.


3. CONSEQUENCE SCALE, others

THE DEGREE OF INTENT

Ignorance

The lack of competence

Negligence

Accident

Unintentionality

Disregard

Gross negligence

The desire to show off

Intentionality

Recurrence

Criminal intent (civil wrong, unauthorized use, spying, confidentiality breach, abuse of office etc.)

Intention of gain/obtaining benefit

SEVERITY OF THE 

BREACH

   
Severe breach (An act of violation or an offense set forth by law), e.g. 
  • Hacking, invasion 
  • Unlawful processing of 
 material subject to criminal law 
  • Unlawful distribution of material subject to 
 copyright law 
  •  Intentional unauthorized portscanning 
     
  • Delibarate distribution of viruses 
     
  • Denial of service attack (DoS)

 Report of an office will be considered

Admonition / Restriction of access rights 1 wk. – 3 mo. (students)

Revocation of access rights

Report of an office

Revocation of access rights

Report of an office

Revocation of access rights

Breach (Gross abuse or risking security), e.g. 

  • Unauthorized copying of programs and games 
     
  • Installing unauthorized software 
     
  • Hacking/Unauthorized possession of the administrator’s tools 
     
  • Unauthorized software installation 

  • Giving one's login ID to another user 

  • Risking information confidentiality
Admonition / Restriction of access rights 1 wk. – 2 mo. (students)Revocation of access rights

Report of an office

Revocation of access rights

Minor breach (Abuse), e.g. 

  • Neglecting personal information security
     
  • Inappropriate behaviour 
     
  • Causing harm 
     
  • Wasting resources 
     
  • Neglecting antivirus protection or security updates 
     
  • Unauthorized commercial or political operation 
     
  • Infringement of access control rules
Admonition / Restriction of access rights 1 wk. – 1 mo. (students)

Admonition / Restriction of access rights 1 wk. – 2 mo. (students)

Revocation of access rights

Report of an office Revocation of access rights
SEVERITY OF THE BREACH     

The access rights to individual systems can temporarily or permanently be suspended due to the lack of confidence resulted from the abuse.



  • No labels