Chapter 1 General Provisions
Article 1
These Regulations are stipulated in accordance with Paragraph 4 of Article 14 and Paragraph 4 of Article 18 of the Cyber Security Management Act (hereinafter referred to as the “Act”).
Article 2
Cyber security incident is classified into four levels.
The cyber security incident occurred to the government agency or the specific non-government agency (hereinafter referred to as “each agency”) under any of the following circumstances is the level-1 cyber security incident:
1. Minor breach of non-core business information.
2. Minor alteration of non-core business information or non-core information and communication system.
3. Impact on or interruption of non-core business operation which may be recovered within tolerable interruption time, resulting in impact on daily operation of each agency.
The cyber security incident occurred to each agency under any of the following circumstances is the level-2 cyber security incident:
1. Serious breach of non-core business information or minor breach of core business information not involving the maintenance and operation of critical infrastructures.
2. Serious alteration of non-core business information or non-core information and communication system, or minor alteration of core business information or core information and communication system not involving the maintenance and operation of critical infrastructures.
3. Impact on or interruption of non-core business operation, which cannot be recovered within tolerable interruption time, or impact on or interruption of core business or core information and communication system operation not involving the maintenance and operation of critical infrastructures, which may be recovered within tolerable interruption time.
The cyber security incident occurred to each agency under any of the following circumstances is the level-3 cyber security incident:
1. Serious breach of core business information not involving the maintenance and operation of critical infrastructures, or minor breach of confidential, sensitive information of general official affairs, or minor breach of core business information involving the maintenance and operation of critical infrastructures.
2. Serious alteration of core business information or core information and communication system not involving the maintenance and operation of critical infrastructures, or minor alteration of confidential, sensitive information of general official affairs or core business information or core information and communication system involving the maintenance and operation of critical infrastructures.
3. Impact on or interruption of the operation of core business or core information and communication system not involving the maintenance and operation of critical infrastructures, which cannot be recovered within the tolerable interruption time, or impact on or interruption of the operation of core business or core information and communication system involving the maintenance and operation of critical infrastructures, which may be recovered within tolerable interruption time.
The cyber security incident occurred to each agency under any of the following circumstances is the level-4 cyber security incident:
1. Serious breach of confidential, sensitive information of general official affairs or core business information involving the maintenance and operation of critical infrastructures, or the breach of classified national security information.
2. Serious alteration of confidential, sensitive information of general official affairs or core business information or core information and communication system involving the maintenance and operation of critical infrastructures, or the alteration of classified national security information.
3. Impact on or interruption of core business or core information and communication system involving the maintenance and operation of critical infrastructures, which cannot be recovered within tolerable interruption time.
Article 3
Content of the notification of cyber security incident shall include the following items:
1. The agency occurred.
2. The time of occurrence or awareness.
3. The description of the situation.
4. Level assessment.
5. Coping measure in response to the incident.
6. Assessment of requirement for external support.
7. Other relevant items.