Security Incident. The act of violating an explicit or implied security policy, which includes attempts (either failed or successful) to gain unauthorized access to a system or its data, unwanted disruption or denial of service, the unauthorized use of a system for the processing or storage of data; and changes to system hardware, firmware, or software characteristics without the owner's knowledge, instruction, or consent. Incidents include the loss of data through theft or device misplacement, loss or misplacement of hardcopy documents, and misrouting of mail, all of which may have the potential to put the data at risk of unauthorized access, use, disclosure, modification, or destruction. Adverse events such as floods, fires, electrical outages, and excessive heat are not considered incidents. (Computer Matching Agreement, Agreement No. 2013-11, p.5.)
Appears in 15 contracts
Samples: Standard Services Agreement, Scope of Work Agreement, CCSB Agency Agreement