Sec. 1.5. (a) "Cybersecurity incident" means a malicious or suspicious occurrence that consists of one (1) or more of the categories of attack vectors described in subsection (b) and defined on the office's website that: (1) jeopardizes or may potentially jeopardize the confidentiality, integrity, or availability of an information system, an operational system, or the information that such systems process, store, or transmit; (2) jeopardizes or may potentially jeopardize the health and safety of the public; or (3) violates security policies, security procedures, or acceptable use policies. (b) A cybersecurity incident may consist of one (1) or more of the following categories of attack vectors: (1) Ransomware. (2) Business electronic mail compromise. (3) Vulnerability exploitation. (4) Zero-day exploitation. (5) Distributed denial of service. (6) Website defacement. (7) Other sophisticated attacks as defined by the chief information officer and that are posted on the office's website.
‹ Prev All Indiana sections Next ›
Lexace provides legal information, not legal advice, and no attorney–client relationship is created. Statute text is provided for general information and may not reflect the most recent amendments; verify against the official state code.