...
- Breach of confidentiality
- Violation of data integrity
- Denial of access
- Use of infrastructure for malicious purposes
Personal Information Risk Assessment: The Four Questions
Process managed by University Counsel and UIT/Information Security.
Note
As you proceed, you must minimize the number of parties who receive information about events of potential concern discussed here; only tell people about an event if required by this procedure or if they absolutely need to know. Communications should first be coordinated through the Office of University Counsel wherever possible. After your initial work, and then a more thorough investigation, senior management will determine whether an event is an incident---and whether an incident is a data breach.
The IT Support Specialist, Information Steward, and End User must together make an initial determination of the probability that personal information was stored on the computing resource.
...